CVE-2012-2098

CWE-310 CWE-400 — Uncontrolled Resource Consumption9 documents7 sources

Severity

5.0MEDIUM

EPSS

3.2%

top 13.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Commons Compress Apache Commons Compress

Timeline

PublishedJun 29

Latest updateMay 13

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDapache/commons_compress< 1.4.1

▶Mavenorg.apache.commons:commons-compress< 1.4.1

▶CVEListV5apache_software_foundation/apache_commons_compress1.22 — 1.24.0

▶Debianlibcommons-compress-java< 1.4.1-1+3

🔴Vulnerability Details

GHSA

Uncontrolled Resource Consumption in Apache Commons Compress↗2022-05-13

▶

OSV

Uncontrolled Resource Consumption in Apache Commons Compress↗2022-05-13

▶

OSV

CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress be↗2012-06-29

▶

CVEList

CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress be↗2012-06-29

▶

📋Vendor Advisories

Red Hat

apache-commons-compress: denial of service flaw when compressing certain files↗2012-05-23

▶

Debian

CVE-2012-2098: libcommons-compress-java - Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compress...↗2012

▶

💬Community

Bugzilla

CVE-2012-2098 apache-commons-compress: denial of service flaw when compressing certain files [fedora-all]↗2012-05-24

▶

Bugzilla

CVE-2012-2098 apache-commons-compress: denial of service flaw when compressing certain files↗2012-04-05

▶