exploitDog

CVE-2018-1324

Published: 16 Mar 2018
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Report

This issue affects the versions of lucene4 as shipped with Red Hat Enterprise Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not include the lucene4 component and are not affected.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| JBoss Developer Studio 11 | commons-compress | Not affected | | |
| Red Hat BPM Suite 6 | commons-compress | Not affected | | |
| Red Hat Enterprise Linux 7 | apache-commons-compress | Not affected | | |
| Red Hat Enterprise Linux 8 | apache-commons-compress | Not affected | | |
| Red Hat JBoss BRMS 5 | commons-compress | Not affected | | |
| Red Hat JBoss BRMS 6 | commons-compress | Not affected | | |
| Red Hat JBoss Data Virtualization 6 | commons-compress | Will not fix | | |
| Red Hat JBoss Fuse 6 | commons-compress | Not affected | | |
| Red Hat JBoss Fuse Service Works 6 | commons-compress | Not affected | | |
| Red Hat Mobile Application Platform 4 | commons-compress | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-190->CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=1557542 apache-commons-compress: Infinite loop via extra field parser in ZipFile and ZipArchiveInputStream classes

EPSS: 0.01665 (Low), percentile: 82%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 8 years ago

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

CVSS3: 5.5
nvd
almost 8 years ago

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

CVSS3: 5.5
debian
almost 8 years ago

A specially crafted ZIP archive can be used to cause an infinite loop ...

CVSS3: 5.5
github
almost 7 years ago

Apache Commons Compress vulnerable to denial of service due to infinite loop

CVSS3: 6.5
fstec
about 8 years ago

A vulnerability in the implementation of the ZipFile and ZipArchiveInputStream classes of the Commons Compress compression toolkit, related to an infinite loop, that allows an attacker to cause a denial of service
