Hi,

Are there any more details on this issue? For instance, under what 
circumstances would an application that uses the commons-compress library be 
vulnerable? The subject line hints that the flaw is specific to the Dump 
format. Is that correct? Are there any options that need to be enabled/disabled 
for the application to be vulnerable?
Also, is it correct that this is related to what was reported in 
https://issues.apache.org/jira/browse/COMPRESS-632 and was fixed in 
https://github.com/apache/commons-compress/pull/442?

Best Regards
Magnus Reftel

On 2024/02/19 01:25:47 "Gary D. Gregory" wrote:
> Severity: important
>
> Affected versions:
>
> - Apache Commons Compress 1.3 through 1.25.0
>
> Description:
>
> Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in 
> Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 
> through 1.25.0.
>
> Users are recommended to upgrade to version 1.26.0 which fixes the issue.
>
> Credit:
>
> Yakov Shafranovich, Amazon Web Services (reporter)
>
> References:
>
> https://commons.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2024-25710
>
>

________________________________
The contents of this email message and any attachments are intended solely for 
the addressee(s) and may contain confidential information and may be legally 
protected from disclosure. If you are not the intended recipient of this 
message, please immediately delete the message and alert the Norwegian Tax 
Administration.
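The advisory quoted above gives only a version range (1.3 through 1.25.0, fixed in 1.26.0). A first thing a practitioner can do while waiting for an answer to the reachability question raised in the reply is to find every commons-compress coordinate in a build's dependency report and flag those inside that range. The following is an added example, not code from the thread or from the Commons Compress project; the report lines are constructed to look like `mvn dependency:tree` and Gradle output, and the version comparison reads the advisory's "through 1.25.0" literally. It says nothing about whether the Dump code path is actually reachable in a given application.

```python
import re
from typing import Iterable, List, Tuple

# Affected range taken from the quoted advisory (CVE-2024-25710):
# Apache Commons Compress 1.3 through 1.25.0; 1.26.0 carries the fix.
AFFECTED_MIN = (1, 3, 0)
AFFECTED_MAX = (1, 25, 0)
FIXED_VERSION = "1.26.0"

# Matches the coordinate as printed by `mvn dependency:list` / `dependency:tree`
# (groupId:artifactId:type:version:scope) and by Gradle (groupId:artifactId:version).
_COORD = re.compile(
    r"org\.apache\.commons:commons-compress:(?:[a-z]+:)?(\d+(?:\.\d+)*)"
)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '1.3' or '1.25.0' into a 3-tuple so that '1.3' compares as 1.3.0."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def scan_dependency_report(lines: Iterable[str]) -> List[Tuple[str, bool]]:
    """Return (version, affected) for every commons-compress coordinate found.

    Every occurrence is reported, including test-scoped ones, so that a reader
    can decide per scope whether untrusted archives ever reach that code.
    """
    findings: List[Tuple[str, bool]] = []
    for line in lines:
        m = _COORD.search(line)
        if m:
            version = m.group(1)
            findings.append((version, is_affected(version)))
    return findings


# Constructed sample report (not real build output): two Maven tree lines,
# one Maven test-scoped line, and one Gradle-style line.
SAMPLE_REPORT = """\
[INFO] +- org.apache.commons:commons-compress:jar:1.24.0:compile
[INFO] +- org.apache.commons:commons-lang3:jar:3.14.0:compile
[INFO] \\- org.apache.commons:commons-compress:jar:1.26.0:test
+--- org.apache.commons:commons-compress:1.2
"""

if __name__ == "__main__":
    for version, affected in scan_dependency_report(SAMPLE_REPORT.splitlines()):
        status = "AFFECTED, upgrade to " + FIXED_VERSION if affected else "not in affected range"
        print(f"commons-compress {version}: {status}")
```

Feed it the saved output of `mvn dependency:tree` or `gradle dependencies` for each module; a hit in `compile` scope on a service that parses archives supplied by users is the case worth escalating, which is exactly the "under what circumstances" question the reply asks the list to clarify.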
