VDB
CVE-2018-1324
CVE-2018-1324
PUBLISHED
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
EPSS 1.67% · 82.5th percentile
Risk Scores
EPSS Score
1.67%
82.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | libcommons-compress-java | 1.10-1, 1.9-1, 0 |
| Ubuntu:22.04:LTS | libcommons-compress-java | 0, 1.20-1, 1.21-1 |
| Ubuntu:24.04:LTS | libcommons-compress-java | 1.25.0-1, 1.24.0-1, 1.23.0-1 |
| Ubuntu:25.10 | libcommons-compress-java | 0, 1.27.1-2 |
| Ubuntu:20.04:LTS | libcommons-compress-java | 1.18-3, 1.19-1, 0 |
Exploit Intelligence
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc-repo)
- tafamace/CVE-2018-1324 (github-poc)
- tafamace/CVE-2018-1324 (github-poc)
…and 4 more exploits
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
- Sep 15, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1324 third-party-advisory
- https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1324 third-party-advisory