Security Advisories

CVE-2018-11771

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2018-11771

CGA ID

CGA-jrq7-xr5x-r5v5

Severity

Unknown

Description

When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.

References

Affected packages

