What is CVE-2012-2098?

CVE-2012-2098 is a vulnerability in Apache Commons_compress, classified under Cryptographic Issues. Published 2012-06-29.

Is CVE-2012-2098 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Commons_compress

CVE-2012-2098

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a f…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.125 (95.7th percentile) — read the EPSS interpretation.

Affected products

Apache Commons_compress
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

References

secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry)
secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (mailing-list, Third Party Advisory)
secalert@redhat.com (vdb-entry, Broken Link)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry)
secalert@redhat.com (VDB Entry, Third Party Advisory, vdb-entry)
secalert@redhat.com (Vendor Advisory, third-party-advisory)
secalert@redhat.com (vendor-advisory, Third Party Advisory)
secalert@redhat.com (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2012-2098?: CVE-2012-2098 is a vulnerability in Apache Commons_compress, classified under Cryptographic Issues. Published 2012-06-29.
Is CVE-2012-2098 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.