The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
No Fix Known
No patch has been released yet. Apply workarounds or mitigations where available.
38 Affected Products, 60 References

| Vendor | Product | Versions | Fixed In |
|---|---|---|---|
| apache | commons_compress | 1.15 - 1.18 | - |
| fedoraproject | fedora | - | - |
| fedoraproject | fedora | - | - |
| oracle | banking_payments | 14.1.0 - 14.4.0 | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | banking_platform | - | - |
| oracle | communications_element_manager | 8.2.0 - 8.2.2 | - |
| oracle | communications_ip_service_activator | - | - |
| oracle | communications_ip_service_activator | - | - |
| oracle | communications_session_report_manager | 8.2.0 - 8.2.2 | - |
| oracle | communications_session_route_manager | 8.2.0 - 8.2.2 | - |
| oracle | customer_management_and_segmentation_foundation | - | - |
| oracle | essbase | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_investor_servicing | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | flexcube_private_banking | - | - |
| oracle | hyperion_infrastructure_technology | - | - |
| oracle | jdeveloper | - | - |
| oracle | peoplesoft_enterprise_pt_peopletools | - | - |
| oracle | peoplesoft_enterprise_pt_peopletools | - | - |
| oracle | peoplesoft_enterprise_pt_peopletools | - | - |
| oracle | primavera_gateway | 18.8.0 - 18.8.8 | - |
| oracle | primavera_gateway | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_integration_bus | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | retail_xstore_point_of_service | - | - |
| oracle | webcenter_portal | - | - |
| oracle | webcenter_portal | - | - |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H