[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-2098Date: (C)2012-06-29   (M)2023-12-22


Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1027096
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html
SECUNIA-49255
SECUNIA-49286
BID-53676
OSVDB-82161
FEDORA-2012-8428
FEDORA-2012-8465
FEDORA-2013-5546
FEDORA-2013-5548
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
http://www.openwall.com/lists/oss-security/2023/09/13/3
apache-commons-ant-bzip2-dos(75857)
http://ant.apache.org/security.html
http://commons.apache.org/compress/security.html
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
https://www.oracle.com/security-alerts/cpujan2021.html

CWE    1
CWE-310
OVAL    4
oval:org.secpod.oval:def:104888
oval:org.secpod.oval:def:104886
oval:org.secpod.oval:def:103831
oval:org.secpod.oval:def:103850
...

© SecPod Technologies