Infinite Loop Vulnerability in Apache Commons Compress
CVE-2024-25710

5.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Commons Compress
Vendor: CVE Published:; 19 February 2024

Badges

📰 News Worthy

Summary

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Affected Version(s)

Apache Commons Compress 1.3 <= 1.25.0

News Articles

prophaze.com

CVE-2024-25710

CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP - Cloud WAF

CVE-2024-25710 : Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.

1 year ago

References

https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51...

vendor-advisory

http://www.openwall.com/lists/oss-security/2024/02/19/1

https://security.netapp.com/advisory/ntap-20240307-0010/

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by prophaze.com
Feb 20, 2024
Vulnerability published
Feb 19, 2024
Vulnerability Reserved
Feb 10, 2024

Credit

Yakov Shafranovich, Amazon Web Services

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP - Cloud WAF

References

CVSS V3.1

Timeline

Credit