Skip to content

Uncontrolled Resource Consumption in Apache Commons Compress

Moderate severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Feb 22, 2024

Package

maven org.apache.commons:commons-compress (Maven)

Affected versions

< 1.4.1

Patched versions

1.4.1

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

References

Published by the National Vulnerability Database Jun 29, 2012
Published to the GitHub Advisory Database May 13, 2022
Reviewed Jul 13, 2022
Last updated Feb 22, 2024

Severity

Moderate

EPSS score

2.630%
(91st percentile)

Weaknesses

CVE ID

CVE-2012-2098

GHSA ID

GHSA-6fxm-66hq-fc96

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.