oss-sec mailing list archives
CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
From: "Gary D. Gregory" <ggregory () apache org>
Date: Mon, 19 Feb 2024 01:26:00 +0000
Severity: moderate Affected versions: - Apache Commons Compress 1.21 before 1.26.0 Description: Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. Credit: Yakov Shafranovich, Amazon Web Services (reporter) References: https://commons.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-26308
Current thread:
- CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file Gary D. Gregory (Feb 19)