Description
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial of service attack against services that use Compress' SevenZ package. The highest threat from this vulnerability is to system availability.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Decision Manager 7 | apache-commons-compress | Out of support scope | | |
Red Hat Enterprise Linux 7 | apache-commons-compress | Will not fix | | |
Red Hat Enterprise Linux 8 | eclipse:rhel8/apache-commons-compress | Will not fix | | |
Red Hat Enterprise Linux 8 | javapackages-tools:201801/apache-commons-compress | Will not fix | | |
Red Hat Enterprise Linux 9 | apache-commons-compress | Not affected | | |
Red Hat Process Automation 7 | apache-commons-compress | Out of support scope | | |
Red Hat Software Collections | rh-maven36-apache-commons-compress | Will not fix | | |
Red Hat Fuse 7.11 | apache-commons-compress | Fixed | RHSA-2022:5532 | 07.07.2022 |
Red Hat Virtualization Engine 4.4 | apache-commons-compress | Fixed | RHSA-2022:5555 | 14.07.2022 |
Additional information
Status:
EPSS
CVSS3: 7.5 High
Related vulnerabilities
A vulnerability in the Apache Commons Compress archiver, caused by executing a loop without a sufficient limit on the number of iterations, that allows an attacker to cause a denial of service