The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
18 Aug 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-08-30 09:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-12402
Mitre link : CVE-2019-12402
CVE.ORG link : CVE-2019-12402
JSON object : View
Products Affected
oracle
- communications_session_report_manager
- flexcube_investor_servicing
- flexcube_private_banking
- communications_element_manager
- jdeveloper
- retail_xstore_point_of_service
- hyperion_infrastructure_technology
- communications_session_route_manager
- banking_payments
- communications_ip_service_activator
- peoplesoft_enterprise_pt_peopletools
- essbase
- retail_integration_bus
- banking_platform
- customer_management_and_segmentation_foundation
- primavera_gateway
- webcenter_portal
apache
- commons_compress
fedoraproject
- fedora
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')