First published: Fri Jun 29 2012(Updated: )
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Commons Compress | <1.4.1 | |
maven/org.apache.commons:commons-compress | <1.4.1 | 1.4.1 |
<1.4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-2098 has a medium severity level due to its potential to cause denial of service through CPU consumption.
To fix CVE-2012-2098, upgrade to Apache Commons Compress version 1.4.1 or later.
CVE-2012-2098 is an algorithmic complexity vulnerability in the sorting algorithms of bzip2 within Apache Commons Compress.
Yes, CVE-2012-2098 can be exploited remotely by attackers using specially crafted files.
CVE-2012-2098 affects Apache Commons Compress versions prior to 1.4.1.