Skip to content

Uncontrolled Resource Consumption in Apache Commons Compress

Moderate severity GitHub Reviewed Published May 13, 2022 to the GitHub Advisory Database • Updated Feb 22, 2024

Package

maven org.apache.commons:commons-compress (Maven)

Affected versions

< 1.4.1

Patched versions

1.4.1

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

References

Published by the National Vulnerability Database Jun 29, 2012
Published to the GitHub Advisory Database May 13, 2022
Reviewed Jul 13, 2022
Last updated Feb 22, 2024

Severity

Moderate

EPSS score

Exploit Prediction Scoring System (EPSS)

This score estimates the probability of this vulnerability being exploited within the next 30 days. Data provided by FIRST.
(86th percentile)

Weaknesses

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Learn more on MITRE.

CVE ID

CVE-2012-2098

GHSA ID

GHSA-6fxm-66hq-fc96

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.