Infinite Loop Vulnerability in Apache Commons Compress
CVE-2024-25710

8.1HIGH

Key Information:

Vendor

Apache
Status
Apache Commons Compress
Vendor
CVE Published:
19 February 2024

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2024-25710?

An infinite loop vulnerability exists in Apache Commons Compress, affecting versions from 1.3 through 1.25.0. This flaw could lead to applications becoming unresponsive, as the control flow may enter a loop with no reachable exit condition. Users are strongly advised to upgrade to version 1.26.0 or later, which addresses this issue and enhances overall security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Apache Commons Compress 1.3 <= 1.25.0

News Articles

favicon imageprophaze.com

CVE-2024-25710 : APACHE COMMONS COMPRESS UP TO 1.25.0 INFINITE LOOP - Cloud WAF

CVE-2024-25710 : Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.

References

https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51...
vendor-advisory
http://www.openwall.com/lists/oss-security/2024/02/19/1
https://security.netapp.com/advisory/ntap-20240307-0010/

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • ๐Ÿ“ฐ

    First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yakov Shafranovich, Amazon Web Services
JSON
.