When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2018-08-16T00:00:00
Updated: 2022-02-07T14:40:01
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11771
JSON object: View
NVD Information
Status : Modified
Published: 2018-08-16T15:29:00.230
Modified: 2023-11-07T02:51:45.690
Link: CVE-2018-11771
JSON object: View
Redhat Information
No data.
CWE