oss-sec mailing list archives
CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
From: "Gary D. Gregory" <ggregory () apache org>
Date: Mon, 19 Feb 2024 01:25:47 +0000
Severity: important Affected versions: - Apache Commons Compress 1.3 through 1.25.0 Description: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue. Credit: Yakov Shafranovich, Amazon Web Services (reporter) References: https://commons.apache.org/ https://www.cve.org/CVERecord?id=CVE-2024-25710
Current thread:
- CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Gary D. Gregory (Feb 19)