CVE-2019-12402 Vulnerability Details

  /     /     /  

CVE-2019-12402 Metadata Quick Info

CVE Published: 29/08/2019 | CVE Updated: 04/08/2024 | CVE Year: 2019
Source: apache | Vendor: Apache Software Foundation | Product: Apache Commons Compress
Status : PUBLISHED

---

CVE-2019-12402 Description

The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: denial of service vulnerability
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).