CVE-2012-2098 — MEDIUM (5.0)

Q: How severe is CVE-2012-2098?

CVE-2012-2098 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-2098?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Commons Compress.

Vulnerability Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Commons Compress	< 1.4.1

Related Weaknesses (CWE)

CWE-310

References

http://ant.apache.org/security.htmlVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2012-05/0130.htmlThird Party Advisory
http://commons.apache.org/compress/security.htmlVendor Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105049.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.htmlThird Party Advisory
http://osvdb.org/82161Broken Link
http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-DThird Party Advisory
http://secunia.com/advisories/49255Vendor Advisory
http://secunia.com/advisories/49286Third Party Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21644047Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/09/13/3
http://www.securityfocus.com/bid/53676Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1027096Third Party AdvisoryVDB Entry

FAQ

What is CVE-2012-2098?

CVE-2012-2098 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a deni...

How severe is CVE-2012-2098?

CVE-2012-2098 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-2098?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Commons Compress.