发布时间: 2022年7月22日
修改时间: 2022年7月22日
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 7.5 | 7.5 |
| Attack Vector | Network | Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality | None | None |
| Integrity | None | None |
| Availability | High | High |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2022-1807 | The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress. | 2022年7月22日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | apache-commons-compress | Unaffected |
| KY3.4-5 | apache-commons-compress | Unaffected |
| KY3.5.1 | apache-commons-compress | Unaffected |
