QwikSec

Security Database

CVE

CWE

Training

CVE-2018-11771

Published: Aug 16, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

Vendor	Product	Versions
Apache Software Foundation	Apache Commons Compress	affected `1.7 to 1.17`

References

vdb-entry

x_refsource_BID

[announce] 20180816 [CVE-2018-11771] Apache Commons Compress 1.7 to 1.17 denial of service vulnerability

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_SECTRACK

[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1

mailing-list

x_refsource_MLIST

[creadur-dev] 20190530 [Discuss] RAT-244 - update to language level 1.7 due to CVE issues in RAT

mailing-list

x_refsource_MLIST

[commons-notifications] 20190827 svn commit: r1049290 - in /websites/production/commons/content/proper/commons-compress: changes-report.html security-reports.html

mailing-list

x_refsource_MLIST

[commons-commits] 20190827 [commons-compress] branch master updated: record CVE-2019-12402

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] justinchuch opened a new pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190923 [GitHub] [tinkerpop] robertdale commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-dev] 20190924 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] spmallette commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-dev] 20190924 [GitHub] [tinkerpop] justinchuch commented on issue #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-dev] 20190930 [GitHub] [tinkerpop] spmallette closed pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

[tinkerpop-commits] 20190930 [GitHub] [tinkerpop] spmallette merged pull request #1199: Upgrade commons-compress to version 1.19 due to CVE-2018-11771

mailing-list

x_refsource_MLIST

https://www.oracle.com/security-alerts/cpujan2022.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.