CVE-2023-42503
Severity
5.5 MEDIUM
EPSS
0.0%
top 97.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 14
Latest update: Jul 15
Description
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0.
Users are recommended to upgrade to version 1.24.0, which fixes the issue.
A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.
In version 1.22 of Apache Commons C…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
Vulnerability Details (4)
OSV
CVE-2023-42503: Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing (2023-09-14)
CVEList
Vendor Advisories (7)
Oracle
Oracle PeopleSoft Risk Matrix: Webserver (Apache Commons Compress) — CVE-2023-42503 (2024-07-15)
Oracle
Oracle Enterprise Manager Risk Matrix: Enterprise Manager Install (Apache Commons Compress) — CVE-2023-42503 (2024-04-15)
Oracle
Oracle Essbase Risk Matrix: Essbase Web Platform (Apache Commons Compress) — CVE-2023-42503 (2024-01-15)
Microsoft
Red Hat