The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-08-29T00:00:00
Updated: 2024-08-04T23:17:39.992Z
Reserved: 2019-05-28T00:00:00
Link: CVE-2019-12402
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-08-30T09:15:17.910
Modified: 2024-11-21T04:22:45.983
Link: CVE-2019-12402
Redhat