CVE-2012-2098

Apache Commons Compress < 1.4.1 - Denial of Service via BZip2CompressorOutputStream Sorting Algorithm

Title source: llm
STIX 2.1

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

References (18)

Core 18
Core References
Third Party Advisory, VDB Entry vdb-entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/75857
Broken Link vdb-entry
http://osvdb.org/82161
Third Party Advisory, VDB Entry vdb-entry
http://www.securityfocus.com/bid/53676
Third Party Advisory, VDB Entry vdb-entry
http://www.securitytracker.com/id?1027096
Vendor Advisory third-party-advisory
http://secunia.com/advisories/49255
Third Party Advisory third-party-advisory
http://secunia.com/advisories/49286

Scores

EPSS 0.1261
EPSS Percentile 95.8%

Details

CWE
CWE-310
Status published
Products (2)
apache/commons_compress < 1.4.1
org.apache.commons/commons-compress 0 - 1.4.1Maven
Published Jun 29, 2012
Tracked Since Feb 18, 2026