CVE-2024-25710
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
19/02/2024
Last modified:
13/02/2025
Description
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.
Impact
Base Score 3.x
8.10
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:* | 1.3 (including) | 1.26.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2024/02/19/1
- https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
- https://security.netapp.com/advisory/ntap-20240307-0010/
- http://www.openwall.com/lists/oss-security/2024/02/19/1
- https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf
- https://security.netapp.com/advisory/ntap-20240307-0010/