Vulnerability Details : CVE-2012-2098
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2012-2098
Probability of exploitation activity in the next 30 days: 2.63%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-2098
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2012-2098
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-2098
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
[SECURITY] Fedora 17 Update: apache-commons-compress-1.4.1-1.fc17Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html
[SECURITY] Fedora 17 Update: plexus-archiver-2.3-1.fc17Third Party Advisory
-
http://secunia.com/advisories/49286
Sign inThird Party Advisory
-
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
IBM Security Bulletin: Potential Security Vulnerabilities fixed in IBM WebSphere Application Server 8.0.0.7Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
[SECURITY] Fedora 16 Update: apache-commons-compress-1.4.1-1.fc16Third Party Advisory
-
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html
Apache Commons Compress / Apache Ant Denial Of Service ≈ Packet StormThird Party Advisory
-
http://www.securitytracker.com/id?1027096
Apache Commons Compress BZip2CompressorOutputStream() Sorting Algorithm Lets Remote or Local Users Deny Service - SecurityTrackerThird Party Advisory;VDB Entry
-
https://www.oracle.com/security-alerts/cpujan2021.html
Oracle Critical Patch Update Advisory - January 2021Third Party Advisory
-
http://osvdb.org/82161
Broken Link
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html
[SECURITY] Fedora 18 Update: plexus-archiver-2.3-1.fc18Third Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html
Third Party Advisory
-
http://secunia.com/advisories/49255
Sign inVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
Apache Commons Compress and Apache Ant bzip2 denial of service CVE-2012-2098 Vulnerability ReportThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/53676
Apache Commons Compress and Apache Ant CVE-2012-2098 Denial Of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://commons.apache.org/compress/security.html
404 Not FoundVendor Advisory
-
http://ant.apache.org/security.html
Apache Ant - Apache Ant Security ReportsVendor Advisory
-
http://www.openwall.com/lists/oss-security/2023/09/13/3
oss-security - CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file
-
https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E
CVEs (vulnerabilities) that apply to Solr 8.4.1 - Pony MailThird Party Advisory
Products affected by CVE-2012-2098
- cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*