CVE-2024-25710

CWE-83510 documents8 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 95.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Commons Compress Apache Software Foundation Apache Commons Compress

Timeline

PublishedFeb 19

Latest updateApr 15

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages4 packages

▶NVDapache/commons_compress1.3 — 1.26.0

▶Mavenorg.apache.commons:commons-compress1.3 — 1.26.0

▶CVEListV5apache_software_foundation/apache_commons_compress1.3 — 1.25.0

▶Debianlibcommons-compress-java< 1.27.1-1+1

🔴Vulnerability Details

CVEList

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file↗2024-02-19

▶

OSV

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file↗2024-02-19

▶

OSV

CVE-2024-25710: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress↗2024-02-19

▶

GHSA

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file↗2024-02-19

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Composer, Common (Apache Commons Compress) — CVE-2024-25710↗2025-04-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Signaling (Apache Commons Compress) — CVE-2024-25710↗2024-07-15

▶

Red Hat

commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file↗2024-02-19

▶

Microsoft

Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file↗2024-02-13

▶

Debian

CVE-2024-25710: libcommons-compress-java - Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache C...↗2024

▶