Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-11771

Опубликовано: 17 авг. 2018
Источник: redhat
CVSS3: 4.3
EPSS Низкий

Описание

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
JBoss Developer Studio 11commons-compressOut of support scope
Red Hat BPM Suite 6commons-compressOut of support scope
Red Hat Enterprise Linux 7apache-commons-compressNot affected
Red Hat Enterprise Linux 8apache-commons-compressNot affected
Red Hat JBoss BRMS 6commons-compressOut of support scope
Red Hat JBoss Data Virtualization 6commons-compressOut of support scope
Red Hat JBoss Fuse 6commons-compressOut of support scope
Red Hat JBoss Fuse Service Works 6commons-compressOut of support scope
Red Hat JBoss Operations Network 3commons-compressOut of support scope
Red Hat Mobile Application Platform 4commons-compressOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=1618573apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip

EPSS

Процентиль: 79%
0.01296
Низкий

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-11771

CVSS3: 5.5
ubuntu
больше 7 лет назад

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

nvd логотип

CVE-2018-11771

CVSS3: 5.5
nvd
больше 7 лет назад

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

debian логотип

CVE-2018-11771

CVSS3: 5.5
debian
больше 7 лет назад

When reading a specially crafted ZIP archive, the read method of Apach ...

github логотип

GHSA-hrmr-f5m6-m9pq

CVSS3: 5.5
github
больше 7 лет назад

Moderate severity vulnerability that affects org.apache.commons:commons-compress

fstec логотип

BDU:2021-01453

CVSS3: 6.5
fstec
больше 7 лет назад

Уязвимость метода чтения набора инструментов для сжатия Commons Compress, связанная с бесконечной работой цикла, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 79%
0.01296
Низкий

4.3 Medium

CVSS3