A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2018-03-16T13:00:00Z

Updated: 2024-09-17T03:59:32.872Z

Reserved: 2017-12-07T00:00:00

Link: CVE-2018-1324

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-03-16T13:29:00.360

Modified: 2024-11-21T03:59:37.757

Link: CVE-2018-1324

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-03-16T00:00:00Z

Links: CVE-2018-1324 - Bugzilla