|Bugzilla:||810406: CVE-2012-2098 apache-commons-compress: denial of service flaw when compressing certain files|
The MITRE CVE dictionary describes this issue as:
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 5 and 6 for Apache Ant. This issue does not affect the Apache commons-compress library as shipped with JBoss Enterprise BRMS Platform 5.2.0 or JBoss Enterprise Portal Platform 5.2.0. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
CVSS v2 metrics
NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.