CVE-2019-12402
- CVSS Base Score 7.5
- EPSS 0.38%
- Published 30.08.2019 09:15:17
- Last modified 21.11.2024 04:22:45
- Source security@apache.org
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
Data provided by the National Vulnerability Database (NVD)
Apache ≫ Commons Compress Version >= 1.15 <= 1.18
Fedoraproject ≫ Fedora Version 30
Fedoraproject ≫ Fedora Version 31
Oracle ≫ Banking Payments Version >= 14.1.0 <= 14.4.0
Oracle ≫ Banking Platform Version 2.6.2
Oracle ≫ Banking Platform Version 2.7.0
Oracle ≫ Banking Platform Version 2.8.0
Oracle ≫ Banking Platform Version 2.9.0
Oracle ≫ Communications Element Manager Version >= 8.2.0 <= 8.2.2
Oracle ≫ Communications Ip Service Activator Version 7.3.0
Oracle ≫ Communications Ip Service Activator Version 7.4.0
Oracle ≫ Communications Session Report Manager Version >= 8.2.0 <= 8.2.2
Oracle ≫ Communications Session Route Manager Version >= 8.2.0 <= 8.2.2
Oracle ≫ Customer Management And Segmentation Foundation Version 18.0
Oracle ≫ Flexcube Investor Servicing Version 12.1.0
Oracle ≫ Flexcube Investor Servicing Version 12.3.0
Oracle ≫ Flexcube Investor Servicing Version 12.4.0
Oracle ≫ Flexcube Investor Servicing Version 14.0.0
Oracle ≫ Flexcube Investor Servicing Version 14.1.0
Oracle ≫ Flexcube Private Banking Version 12.0.0
Oracle ≫ Flexcube Private Banking Version 12.1.0
Oracle ≫ Hyperion Infrastructure Technology Version 11.1.2.4
Oracle ≫ Jdeveloper Version 12.2.1.4.0
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.56
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.57
Oracle ≫ Peoplesoft Enterprise Pt Peopletools Version 8.58
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.8
Oracle ≫ Primavera Gateway Version 19.12.0
Oracle ≫ Retail Integration Bus Version 15.0
Oracle ≫ Retail Integration Bus Version 16.0
Oracle ≫ Retail Xstore Point Of Service Version 15.0
Oracle ≫ Retail Xstore Point Of Service Version 16.0
Oracle ≫ Retail Xstore Point Of Service Version 17.0
Oracle ≫ Retail Xstore Point Of Service Version 18.0
Oracle ≫ Retail Xstore Point Of Service Version 19.0
Oracle ≫ Webcenter Portal Version 12.2.1.3.0
Oracle ≫ Webcenter Portal Version 12.2.1.4.0
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.38% | 0.589 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.