CVE-2018-1324
Published: Mar 16, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Commons Compress | affected 1.11 to 1.15 |
References
| Reference | Tags |
|---|---|
| 1040549 | vdb-entry, x_refsource_SECTRACK |
| [dev] 20180316 [CVE-2018-1324] Apache Commons Compress denial of service vulnerability | mailing-list, x_refsource_MLIST |
| 103490 | vdb-entry, x_refsource_BID |
| [creadur-dev] 20190530 [Discuss] RAT-244 - update to language level 1.7 due to CVE issues in RAT | mailing-list, x_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |