CVE-2012-2098
Uncontrolled Resource Consumption in Apache Commons Compress
EPSS 1.8%
Description
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
How to fix CVE-2012-2098
To remediate CVE-2012-2098, upgrade the affected package to one of the fixed versions listed below.
- Debian/libcommons-compress-java: upgrade to 1.4.1-1 or later
- Maven/org.apache.commons:commons-compress: upgrade to 1.4.1 or later
Is CVE-2012-2098 being exploited?
Low — EPSS is 1.8%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/libcommons-compress-java: from 0, < 1.4.1-1
- Maven/org.apache.commons:commons-compress: from 0, < 1.4.1