CVE-2018-1324

CVSS v3.1 5.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.13 % (49^th)

Affected Products 3

Advisories 3

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

Weaknesses

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2018-03-16 13:29:00
(6 years ago)
Updated Date: 2023-11-07 02:55:58
(10 months ago)

Affected Products

Apache

Commons Compress

Oracle

Configuration #1

		CPE23	From	Up To
	Apache Commons Compress from 1.11 version and 1.15 and prior versions	cpe:2.3:a:apache:commons_compress	>= 1.11	<= 1.15

Configuration #2

	CPE23	From	Up To
Oracle Mysql Cluster 7.4.34 and prior versions	cpe:2.3:a:oracle:mysql_cluster		<= 7.4.34
Oracle Mysql Cluster from 7.5.0 version and 7.5.24 and prior versions	cpe:2.3:a:oracle:mysql_cluster	>= 7.5.0	<= 7.5.24
Oracle Mysql Cluster from 7.6.0 version and 7.6.20 and prior versions	cpe:2.3:a:oracle:mysql_cluster	>= 7.6.0	<= 7.6.20
Oracle Mysql Cluster from 8.0.0 version and 8.0.27 and prior versions	cpe:2.3:a:oracle:mysql_cluster	>= 8.0.0	<= 8.0.27
Oracle Weblogic Server 14.1.1.0.0	cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0