CVE-2012-2098
Published: 29 June 2012
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Priority
Status
Package | Release | Status |
---|---|---|
libcommons-compress-java Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Not vulnerable
(1.4.1-1)
|
|
raring |
Not vulnerable
(1.4.1-1)
|
|
saucy |
Not vulnerable
(1.4.1-1)
|
|
trusty |
Does not exist
(trusty was not-affected [1.4.1-1])
|
|
upstream |
Released
(1.4.1-1)
|
|
utopic |
Not vulnerable
(1.4.1-1)
|
|
vivid |
Not vulnerable
(1.4.1-1)
|
|
wily |
Not vulnerable
(1.4.1-1)
|
|
xenial |
Not vulnerable
(1.4.1-1)
|
|
yakkety |
Not vulnerable
(1.4.1-1)
|
|
zesty |
Not vulnerable
(1.4.1-1)
|
References
- http://www.securitytracker.com/id?1027096
- http://secunia.com/advisories/49255
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
- http://commons.apache.org/compress/security.html
- http://ant.apache.org/security.html
- https://www.cve.org/CVERecord?id=CVE-2012-2098
- NVD
- Launchpad
- Debian