CVE-2024-26308

Опубликовано: 19 фев. 2024

Источник: redhat

CVSS3: 5.5

Описание

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.

Меры по смягчению последствий

No mitigation is currently available for this vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
AMQ Clients	commons-compress	Not affected
A-MQ Clients 2	commons-compress	Not affected
Cryostat 2	commons-compress	Fix deferred
Logging Subsystem for Red Hat OpenShift	org.elasticsearch-elasticsearch	Not affected
Red Hat Ansible Automation Platform 2	commons-compress	Will not fix
Red Hat build of Apache Camel for Spring Boot 3	commons-compress	Not affected
Red Hat build of Apache Camel for Spring Boot 4	commons-compress	Affected
Red Hat build of Debezium 2	commons-compress	Not affected
Red Hat Build of Keycloak	commons-compress	Not affected
Red Hat build of OptaPlanner 8	commons-compress	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=2264989commons-compress: OutOfMemoryError unpacking broken Pack200 file

5.5 Medium

CVSS3

Связанные уязвимости

CVE-2024-26308

CVSS3: 5.5

ubuntu

почти 2 года назад

CVE-2024-26308

CVSS3: 5.5

nvd

почти 2 года назад

CVE-2024-26308

msrc

5 месяцев назад

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

CVE-2024-26308

CVSS3: 5.5

debian

почти 2 года назад

Allocation of Resources Without Limits or Throttling vulnerability in ...

GHSA-4265-ccf5-phj5

CVSS3: 5.5

github

почти 2 года назад

Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

5.5 Medium

CVSS3