oss-sec mailing list archives
CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability
From: Stefan Bodewig <bodewig () apache org>
Date: Tue, 13 Jul 2021 04:00:47 +0000
Severity: low

Description:
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Mitigation:
Commons Compress users should upgrade to 1.21 or later.

Credit:
This issue was discovered by OSS Fuzz.

References:
https://commons.apache.org/proper/commons-compress/security-reports.html
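The upgrade to 1.21 is the fix; the following is an added defence-in-depth example (not code from the advisory or from the Commons Compress project) showing how a service that accepts untrusted 7Z uploads can bound the time it is willing to spend enumerating entries, so a parse that never returns does not block the request thread indefinitely. The archive path, the time budget and the class name are assumptions chosen for illustration; the `SevenZFile` and `SevenZArchiveEntry` API calls are the library's real ones.

```java
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

import org.apache.commons.compress.archivers.sevenz.SevenZArchiveEntry;
import org.apache.commons.compress.archivers.sevenz.SevenZFile;

/** Added example, not part of Commons Compress: time-bounded 7Z entry listing. */
public class BoundedSevenZListing {

    /**
     * Returns the entry names of the archive, or throws IOException if the
     * wall-clock budget is exhausted before enumeration finishes.
     */
    static List<String> listEntries(File archive, long budgetMillis) throws Exception {
        // Daemon worker so a parse that never returns cannot keep the JVM alive at shutdown.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "7z-parse");
            t.setDaemon(true);
            return t;
        });
        Future<List<String>> task = pool.submit(() -> {
            List<String> names = new ArrayList<>();
            try (SevenZFile sz = new SevenZFile(archive)) {
                SevenZArchiveEntry e;
                // Opening each entry is where the library assembles the decoder
                // chain for it, i.e. the code path the advisory describes.
                while ((e = sz.getNextEntry()) != null) {
                    names.add(e.getName());
                }
            }
            return names;
        });
        try {
            return task.get(budgetMillis, TimeUnit.MILLISECONDS);
        } catch (TimeoutException te) {
            // cancel(true) only sets the interrupt flag; a tight loop that never
            // checks it keeps spinning. This bounds the caller's wait, not the
            // CPU the worker burns, which is why the version upgrade is the real fix.
            task.cancel(true);
            throw new IOException("7Z parsing exceeded " + budgetMillis
                    + " ms; rejecting archive", te);
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path (assumption): replace with the upload under inspection.
        File archive = new File(args.length > 0 ? args[0] : "untrusted.7z");
        System.out.println(listEntries(archive, 5_000));
    }
}
```

If the parser must be kept on a pre-1.21 version for a while, a hard limit needs process isolation (a worker process that can be killed and a CPU cap from the OS), because an in-process timeout can only stop waiting, not stop a non-interruptible loop. Logging the timeout with the upload's origin also gives a usable detection signal for crafted archives hitting the service.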