CVE-2018-1324
Description
A specially crafted ZIP archive can be used to cause an infinite loop inside Apache Commons Compress' extra field parser, which is used by the ZipFile and ZipArchiveInputStream classes, in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
1.665
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows |
| Vulnerabilities CVE-2018-1324 are fixed in Apache-commons-compress 1.16 | Windows |
| Vulnerabilities CVE-2018-1324 are fixed in Liferay-com.liferay.portal.tools.bundle.support 3.7.4 | Windows |
| Vulnerabilities CVE-2018-1324,CVE-2022-21490,CVE-2022-21550 are affected in MySQL Cluster 7.4.34 | Windows |
| Vulnerabilities CVE-2018-1324,CVE-2022-21490,CVE-2022-21550 are affected in MySQL Cluster 7.5.24 | Windows |
| Vulnerabilities CVE-2018-1324,CVE-2022-21490,CVE-2022-21550 are affected in MySQL Cluster 7.6.20 | Windows |
| Vulnerabilities CVE-2018-1324,CVE-2022-21490 are affected in MySQL Cluster 8.0.27 | Windows |
| Vulnerabilities CVE-2018-1324 are affected in Takari - commons-compress 1.12 | Windows |
| Vulnerabilities CVE-2018-1324 are fixed in Apache-commons-compress for Linux 1.16 | Linux |
| Vulnerabilities CVE-2018-1324 are fixed in Liferay-com.liferay.portal.tools.bundle.support for Linux 3.7.4 | Linux |
| Vulnerabilities CVE-2018-1324 are affected in Takari - commons-compress for Linux 1.12 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234