When reading a specially crafted ZIP archive, the read method of ZipArchiveInputStream in Apache Commons Compress 1.7 to 1.17 can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
http://www.securityfocus.com/bid/105139
https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.commons.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cnotifications.commons.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.creadur.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.pulsar.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Ccommits.tinkerpop.apache.org%3E
https://lists.apache.org/thread.html/[email protected]%3Cdev.tinkerpop.apache.org%3E
http://www.securitytracker.com/id/1041503
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11771
Vulnerability: CVE-2018-11771
