CGA-7whg-52mh-4qp2

Published

Last updated

https://images.chainguard.dev/security/CGA-7whg-52mh-4qp2

Package

hadoop-fips-3.3.6

Repository

Chainguard

Latest Update

Fix not planned

Aliases

CVE-2018-1324
GHSA-h436-432x-8fvx

Severity

Unknown

Summary

Apache Commons Compress vulnerable to denial of service due to infinite loop

Description

A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.

References

https://nvd.nist.gov/vuln/detail/CVE-2018-1324
https://github.com/advisories/GHSA-h436-432x-8fvx
https://github.com/apache/commons-compress/commit/2a2f1dc48e22a34ddb72321a4db211da91aa933b
https://arxiv.org/pdf/2306.05534.pdf
https://github.com/apache/commons-compress
https://github.com/jensdietrich/xshady-release/tree/main/CVE-2018-1324
https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E
https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/r5532dc8d5456b5151e8c286801e2e5769f5c04118b29c3b5d13ea387@%3Cissues.beam.apache.org%3E

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-7whg-52mh-4qp2

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources