VDB
DEBIAN-CVE-2018-1324
DEBIAN-CVE-2018-1324
PUBLISHED
CVSS 5.5 MEDIUM
A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package.
Risk Scores
CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | libcommons-compress-java | 0, 0, 0 |
| Debian:12 | libcommons-compress-java | 0, 0, 0 |
| Debian:11 | libcommons-compress-java | 0, 0, 0 |
| Debian:13 | libcommons-compress-java | 0, 0, 0 |
Timeline
- Mar 16, 2018 CVE Published
- Apr 28, 2026 CVE Updated