CVE - CVE-2012-2098

CVE-ID
CVE-2012-2098	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:53676 URL:http://www.securityfocus.com/bid/53676 BUGTRAQ:20120523 [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability URL:http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.html CONFIRM:http://ant.apache.org/security.html URL:http://ant.apache.org/security.html CONFIRM:http://commons.apache.org/compress/security.html URL:http://commons.apache.org/compress/security.html CONFIRM:http://www-01.ibm.com/support/docview.wss?uid=swg21644047 URL:http://www-01.ibm.com/support/docview.wss?uid=swg21644047 FEDORA:FEDORA-2012-8428 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html FEDORA:FEDORA-2012-8465 URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html FEDORA:FEDORA-2013-5546 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.html FEDORA:FEDORA-2013-5548 URL:http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html MISC:http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html URL:http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html MISC:https://www.oracle.com/security-alerts/cpujan2021.html URL:https://www.oracle.com/security-alerts/cpujan2021.html MLIST:[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1 URL:https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E MLIST:[oss-security] 20230913 CVE-2023-42503: Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file URL:http://www.openwall.com/lists/oss-security/2023/09/13/3 OSVDB:82161 URL:~~http://osvdb.org/82161~~ (Obsolete source) SECTRACK:1027096 URL:http://www.securitytracker.com/id?1027096 SECUNIA:49255 URL:http://secunia.com/advisories/49255 SECUNIA:49286 URL:http://secunia.com/advisories/49286 XF:apache-commons-ant-bzip2-dos(75857) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
Assigning CNA
Red Hat, Inc.
Date Record Created
20120404	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)