CVE-2012-2098
Published: 29 June 2012
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libcommons-compress-java Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Ignored
(end of life)
|
|
| natty |
Ignored
(end of life)
|
|
| oneiric |
Ignored
(end of life)
|
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Not vulnerable
(1.4.1-1)
|
|
| raring |
Not vulnerable
(1.4.1-1)
|
|
| saucy |
Not vulnerable
(1.4.1-1)
|
|
| trusty |
Does not exist
(trusty was not-affected [1.4.1-1])
|
|
| upstream |
Released
(1.4.1-1)
|
|
| utopic |
Not vulnerable
(1.4.1-1)
|
|
| vivid |
Not vulnerable
(1.4.1-1)
|
|
| wily |
Not vulnerable
(1.4.1-1)
|
|
| xenial |
Not vulnerable
(1.4.1-1)
|
|
| yakkety |
Not vulnerable
(1.4.1-1)
|
|
| zesty |
Not vulnerable
(1.4.1-1)
|
References
- http://www.securitytracker.com/id?1027096
- http://secunia.com/advisories/49255
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
- http://commons.apache.org/compress/security.html
- http://ant.apache.org/security.html
- https://www.cve.org/CVERecord?id=CVE-2012-2098
- NVD
- Launchpad
- Debian