The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References | | |
18 Aug 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 May 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Not Applicable, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265@%3Cissues.flink.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2021.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5@%3Csolr-user.lucene.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55@%3Csolr-user.lucene.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53@%3Cdev.brooklyn.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2020.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea@%3Ccommits.creadur.apache.org%3E - Issue Tracking, Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujul2020.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3@%3Cissues.flink.apache.org%3E - Issue Tracking, Mailing List, Third Party Advisory | |
References | (N/A) https://www.oracle.com/security-alerts/cpuapr2020.html - Third Party Advisory | |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
20 Jan 2021, 15:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-08-30 09:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-12402
Mitre link : CVE-2019-12402
CVE.ORG link : CVE-2019-12402
Products Affected
oracle
- jdeveloper
- flexcube_private_banking
- hyperion_infrastructure_technology
- communications_session_route_manager
- flexcube_investor_servicing
- banking_platform
- communications_element_manager
- primavera_gateway
- communications_ip_service_activator
- banking_payments
- webcenter_portal
- communications_session_report_manager
- peoplesoft_enterprise_pt_peopletools
- retail_xstore_point_of_service
- essbase
- retail_integration_bus
- customer_management_and_segmentation_foundation
fedoraproject
- fedora
apache
- commons_compress
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')