CVE-2012-2098

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
References
Link Resource
http://ant.apache.org/security.html Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html Third Party Advisory
http://commons.apache.org/compress/security.html Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html Third Party Advisory
http://osvdb.org/82161 Broken Link
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html Third Party Advisory
http://secunia.com/advisories/49255 Vendor Advisory
http://secunia.com/advisories/49286 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047 Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/13/3
http://www.securityfocus.com/bid/53676 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1027096 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2021.html Third Party Advisory
http://ant.apache.org/security.html Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html Third Party Advisory
http://commons.apache.org/compress/security.html Vendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html Third Party Advisory
http://osvdb.org/82161 Broken Link
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html Third Party Advisory
http://secunia.com/advisories/49255 Vendor Advisory
http://secunia.com/advisories/49286 Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047 Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/13/3
http://www.securityfocus.com/bid/53676 Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1027096 Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
https://www.oracle.com/security-alerts/cpujan2021.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:38

Type Values Removed Values Added
References () http://ant.apache.org/security.html - Vendor Advisory () http://ant.apache.org/security.html - Vendor Advisory
References () http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html - Third Party Advisory () http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html - Third Party Advisory
References () http://commons.apache.org/compress/security.html - Vendor Advisory () http://commons.apache.org/compress/security.html - Vendor Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html - Third Party Advisory
References () http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html - Third Party Advisory () http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html - Third Party Advisory
References () http://osvdb.org/82161 - Broken Link () http://osvdb.org/82161 - Broken Link
References () http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html - Third Party Advisory () http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html - Third Party Advisory
References () http://secunia.com/advisories/49255 - Vendor Advisory () http://secunia.com/advisories/49255 - Vendor Advisory
References () http://secunia.com/advisories/49286 - Third Party Advisory () http://secunia.com/advisories/49286 - Third Party Advisory
References () http://www-01.ibm.com/support/docview.wss?uid=swg21644047 - Third Party Advisory () http://www-01.ibm.com/support/docview.wss?uid=swg21644047 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2023/09/13/3 - () http://www.openwall.com/lists/oss-security/2023/09/13/3 -
References () http://www.securityfocus.com/bid/53676 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/53676 - Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1027096 - Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1027096 - Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/75857 - Third Party Advisory, VDB Entry
References () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E - () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E -
References () https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory () https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory

07 Nov 2023, 02:10

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E', 'name': '[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1', 'tags': ['Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E -

14 Sep 2023, 00:15

Type Values Removed Values Added
References
  • (MLIST) http://www.openwall.com/lists/oss-security/2023/09/13/3 -

Information

Published : 2012-06-29 19:55

Updated : 2024-11-21 01:38


NVD link : CVE-2012-2098

Mitre link : CVE-2012-2098

CVE.ORG link : CVE-2012-2098


JSON object : View

Products Affected

apache

  • commons_compress
CWE
CWE-310

Cryptographic Issues