Bug 2264988 (CVE-2024-25710) - CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Summary: CVE-2024-25710 commons-compress: Denial of service caused by an infinite loop...
Keywords:
Status: NEW
Alias: CVE-2024-25710
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2264987
Reported: 2024-02-19 20:32 UTC by Patrick Del Bello
Modified: 2025-05-14 17:51 UTC (History)
CC List: 125 users

Fixed In Version: Apache Commons Compress 1.26
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2024:1509 0 None None None 2024-03-26 11:16:00 UTC
Red Hat Product Errata RHSA-2024:1662 0 None None None 2024-04-03 10:53:14 UTC
Red Hat Product Errata RHSA-2024:1797 0 None None None 2024-04-22 10:59:30 UTC
Red Hat Product Errata RHSA-2024:1924 0 None None None 2024-04-18 11:44:04 UTC
Red Hat Product Errata RHSA-2024:2833 0 None None None 2024-05-14 09:08:09 UTC
Red Hat Product Errata RHSA-2024:3527 0 None None None 2024-05-30 20:25:51 UTC
Red Hat Product Errata RHSA-2024:3989 0 None None None 2024-06-20 00:35:34 UTC
Red Hat Product Errata RHSA-2024:4057 0 None None None 2024-06-24 01:38:40 UTC
Red Hat Product Errata RHSA-2025:7625 0 None None None 2025-05-14 17:51:31 UTC

Description Patrick Del Bello 2024-02-19 20:32:14 UTC
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0.

Users are recommended to upgrade to version 1.26.0 which fixes the issue.

http://www.openwall.com/lists/oss-security/2024/02/19/1
https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf

Comment 6 errata-xmlrpc 2024-03-26 11:15:54 UTC
This issue has been addressed in the following products:

  Red Hat Data Grid

Via RHSA-2024:1509 https://access.redhat.com/errata/RHSA-2024:1509

Comment 7 errata-xmlrpc 2024-04-03 10:53:09 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 3.2.11

Via RHSA-2024:1662 https://access.redhat.com/errata/RHSA-2024:1662

Comment 8 errata-xmlrpc 2024-04-18 11:43:59 UTC
This issue has been addressed in the following products:

  Migration Toolkit for Runtimes 1 on RHEL 8

Via RHSA-2024:1924 https://access.redhat.com/errata/RHSA-2024:1924

Comment 9 errata-xmlrpc 2024-04-22 10:59:25 UTC
This issue has been addressed in the following products:

  Red Hat build of Quarkus 2.13.9.SP2

Via RHSA-2024:1797 https://access.redhat.com/errata/RHSA-2024:1797

Comment 17 errata-xmlrpc 2024-05-14 09:08:03 UTC
This issue has been addressed in the following products:

  RHINT Service Registry 2.5.11 GA

Via RHSA-2024:2833 https://access.redhat.com/errata/RHSA-2024:2833

Comment 19 errata-xmlrpc 2024-05-30 20:25:44 UTC
This issue has been addressed in the following products:

  Red Hat AMQ Streams 2.7.0

Via RHSA-2024:3527 https://access.redhat.com/errata/RHSA-2024:3527

Comment 20 errata-xmlrpc 2024-06-20 00:35:26 UTC
This issue has been addressed in the following products:

  MTA-6.2-RHEL-9
  MTA-6.2-RHEL-8

Via RHSA-2024:3989 https://access.redhat.com/errata/RHSA-2024:3989

Comment 21 errata-xmlrpc 2024-06-24 01:38:32 UTC
This issue has been addressed in the following products:

  RHOSS-1.33-RHEL-8

Via RHSA-2024:4057 https://access.redhat.com/errata/RHSA-2024:4057

Comment 28 errata-xmlrpc 2025-05-14 17:51:20 UTC
This issue has been addressed in the following products:

  Red Hat AMQ Broker 7.13.0

Via RHSA-2025:7625 https://access.redhat.com/errata/RHSA-2025:7625

