CVE-2012-2098

Vincent (CVE) Danen's picture
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

Details Source

Mitre

Statement

The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 5 and 6 for Apache Ant. This issue does not affect the Apache commons-compress library as shipped with JBoss Enterprise BRMS Platform 5.2.0 or JBoss Enterprise Portal Platform 5.2.0. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Public Date

2012-05-23 00:00:00

Impact

Low

Bugzilla

CVE-2012-2098 apache-commons-compress: denial of service flaw when compressing certain files

Bugzilla ID

810406

CVSS Status

draft

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:N/I:N/A:P

Affected Packages State

Platform                   | Package  | State
Red Hat JBoss BRMS 5       | Security | Not affected
Red Hat JBoss Portal 5     | Portal   | Not affected
Red Hat Enterprise Linux 6 | ant      | Fix deferred
Red Hat Enterprise Linux 5 | ant      | Fix deferred