ID CVE-2018-1324
Summary A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
Vulnerable Configurations
  • cpe:2.3:a:apache:commons_compress:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:commons_compress:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:commons_compress:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:commons_compress:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:commons_compress:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.1:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.1:m1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.2:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.3:rc:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.29:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.4.34:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.1:m2:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.2:m3:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:7.6.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_cluster:8.0.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 18-04-2022 - 14:27)
Impact:
Exploitability:
CWE CWE-835
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
refmap via4
bid 103490
mlist
  • [beam-issues] 20200421 [jira] [Closed] (BEAM-3873) Current version of commons-compress is DOS vulnerable CVE-2018-1324
  • [creadur-dev] 20190530 [Discuss] RAT-244 - update to language level 1.7 due to CVE issues in RAT
  • [dev] 20180316 [CVE-2018-1324] Apache Commons Compress denial of service vulnerability
  • [pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1
sectrack 1040549
Last major update 18-04-2022 - 14:27
Published 16-03-2018 - 13:29
Last modified 18-04-2022 - 14:27