
CVE-2024-25710 – Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
https://notcve.org/view.php?id=CVE-2024-25710
19 Feb 2024 — Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0, which fixes the issue. • http://www.openwall.com/lists/oss-security/2024/02/19/1 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2024-26308 – Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
https://notcve.org/view.php?id=CVE-2024-26308
19 Feb 2024 — Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue. • https://github.com/crazycatMyopic/cve • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2023-42503 – Apache Commons Compress: Denial of service via CPU consumption for malformed TAR file
https://notcve.org/view.php?id=CVE-2023-42503
14 Sep 2023 — Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, suppor... • https://lists.apache.org/thread/5xwcyr600mn074vgxq92tjssrchmc93c • CWE-20: Improper Input Validation • CWE-400: Uncontrolled Resource Consumption