CVE - CVE-2012-2098

About CVE

Terminology
Documents
FAQs
CVE List

About CVE Identifiers
Search CVE
Search NVD
Updates & RSS Feeds
Request a CVE-ID
CVE In Use

CVE-Compatible Products
NVD for CVE Fix Information
CVE Numbering Authorities
News & Events

Calendar
Free Newsletter
Community

CVE Editorial Board
Sponsor
Contact Us

Search the Site
Site Map

CVE List

About CVE Identifiers
Editorial Policies
Data Sources
Reference Key/Maps
Search Tips
Updates & RSS Feeds
Request a CVE Identifier

Items of Interest

Terminology
NVD

CVE-ID
CVE-2012-2098	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20120523 [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability URL:archives.neohapsis.com/archives/bugtraq/2012-05/0130.html MISC:packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html CONFIRM:ant.apache.org/security.html CONFIRM:commons.apache.org/compress/security.html FEDORA:FEDORA-2012-8428 URL:lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html FEDORA:FEDORA-2012-8465 URL:lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html BID:53676 URL:www.securityfocus.com/bid/53676 OSVDB:82161 URL:osvdb.org/82161 SECTRACK:1027096 URL:www.securitytracker.com/id?1027096 SECUNIA:49255 URL:secunia.com/advisories/49255 SECUNIA:49286 URL:secunia.com/advisories/49286 XF:apache-commons-ant-bzip2-dos(75857) URL:xforce.iss.net/xforce/xfdb/75857
Date Entry Created
20120404	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120404)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

-->

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2013, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration.

Site Map
Privacy policy
Terms of use
Contact us