CVE-2024-25710

Опубликовано: 19 фев. 2024

Источник: nvd

CVSS3: 8.1

CVSS3: 5.5

EPSS Низкий

Описание

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Ссылки

http://www.openwall.com/lists/oss-security/2024/02/19/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0010/
http://seclists.org/fulldisclosure/2024/Aug/37
http://www.openwall.com/lists/oss-security/2024/02/19/1
Mailing List
Third Party Advisory
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240307-0010/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*

Версия от 1.3 (включая) до 1.26.0 (исключая)

EPSS

Процентиль: 4%

0.00018

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-835

Связанные уязвимости

CVE-2024-25710

CVSS3: 8.1

ubuntu

почти 2 года назад

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVE-2024-25710

CVSS3: 5.5

redhat

почти 2 года назад

CVE-2024-25710

CVSS3: 5.5

msrc

6 месяцев назад

Описание отсутствует

CVE-2024-25710

CVSS3: 8.1

debian

почти 2 года назад

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...

GHSA-4g9r-vxhx-9pgx

CVSS3: 5.9

github

почти 2 года назад

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file

EPSS

Процентиль: 4%

0.00018

Низкий

8.1 High

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-835