CVE-2012-2098
Publication date 29 June 2012
Last updated 24 July 2024
Ubuntu priority
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Status
Package | Ubuntu Release | Status |
---|---|---|
libcommons-compress-java | ||
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
References
Other references
- http://www.securitytracker.com/id?1027096
- http://secunia.com/advisories/49255
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
- http://commons.apache.org/compress/security.html
- http://ant.apache.org/security.html
- https://www.cve.org/CVERecord?id=CVE-2012-2098