The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
apache commons compress |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
oracle flexcube investor servicing 12.3.0 |
||
oracle flexcube investor servicing 12.1.0 |
||
oracle retail xstore point of service 15.0 |
||
oracle flexcube private banking 12.1.0 |
||
oracle flexcube private banking 12.0.0 |
||
oracle retail integration bus 15.0 |
||
oracle webcenter portal 12.2.1.3.0 |
||
oracle flexcube investor servicing 12.4.0 |
||
oracle peoplesoft enterprise pt peopletools 8.56 |
||
oracle retail xstore point of service 16.0 |
||
oracle flexcube investor servicing 14.0.0 |
||
oracle retail integration bus 16.0 |
||
oracle banking platform 2.6.2 |
||
oracle flexcube investor servicing 14.1.0 |
||
oracle webcenter portal 12.2.1.4.0 |
||
oracle retail xstore point of service 17.0 |
||
oracle retail xstore point of service 18.0 |
||
oracle retail xstore point of service 19.0 |
||
oracle communications ip service activator 7.4.0 |
||
oracle communications ip service activator 7.3.0 |
||
oracle banking payments |
||
oracle hyperion infrastructure technology 11.1.2.4 |
||
oracle jdeveloper 12.2.1.4.0 |
||
oracle banking platform 2.7.0 |
||
oracle banking platform 2.9.0 |
||
oracle primavera gateway 19.12.0 |
||
oracle primavera gateway |
||
oracle customer management and segmentation foundation 18.0 |
||
oracle banking platform 2.8.0 |
||
oracle communications session route manager |
||
oracle communications session report manager |
||
oracle communications element manager |
||
oracle peoplesoft enterprise pt peopletools 8.57 |
||
oracle essbase 21.2 |
||
oracle peoplesoft enterprise pt peopletools 8.58 |
Vulmon