CVE-2024-25710

HIGH8.1Denial of service

Description

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Apache Software Foundation / Apache Commons Compress1.3 – 1.25.0

References

MAILING_LISThttps://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/02/19/1
MISChttps://security.netapp.com/advisory/ntap-20240307-0010/