CVE-2024-26308: Allocation of Resources Without Limits or Throttling in Software Foundation Apache Commons Compress

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.4% (top 39.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 19
Latest update: Jul 15

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 2 packages

🔴 Vulnerability Details (4)

CVEList
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file (2024-02-19)
OSV
CVE-2024-26308: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress (2024-02-19)
OSV
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file (2024-02-19)
GHSA
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file (2024-02-19)

📋 Vendor Advisories (8)

Oracle
Oracle Fusion Middleware Risk Matrix: ADF (Apache Commons Compress), CVE-2024-26308 (2025-07-15)
Oracle
Oracle Communications Applications Risk Matrix: Security (Apache Commons Compress), CVE-2024-26308 (2025-01-15)
Oracle
Oracle Blockchain Platform Risk Matrix: Blockchain Cloud Service Console (Apache Commons Compress), CVE-2024-26308 (2024-10-15)
Oracle
Oracle Essbase Risk Matrix: Essbase Web Platform (Apache Commons Compress), CVE-2024-26308 (2024-07-15)
Oracle
Oracle Communications Applications Risk Matrix: General (Apache Commons Compress), CVE-2024-26308 (2024-04-15)