CVE-2012-2098
published 2012-06-29CVE-2012-2098: Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before…
medium5CVSS 3.1
AVNACLAuNCNINAP
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | commons_compress | < 1.4.1 | 1.4.1 |
| apache | commons_compress | >= 1.22 < 1.24.0 | 1.24.0 |
| apache_software_foundation | apache_commons_compress | >= 1.22 < 1.24.0 | 1.24.0 |
| debian | libcommons-compress-java | < libcommons-compress-java 1.24.0-1 (forky) | libcommons-compress-java 1.24.0-1 (forky) |
| debian | libcommons-compress-java | < libcommons-compress-java 1.4.1-1 (bookworm) | libcommons-compress-java 1.4.1-1 (bookworm) |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
ghsa5.0MEDIUM
osv5.0MEDIUM