https://bugzilla.redhat.com/show_bug.cgi?id=1981903
Garrett Tucker <gtucker(a)redhat.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Fixed In Version|                            |apache-commons-compress-1.21
--- Comment #2 from Garrett Tucker <gtucker(a)redhat.com> ---
After analysis, a Denial of Service attack is possible via excessive memory
allocation caused by a crafted tar archive. An ongoing method of allocating an
array then trying to fill it, combined with a lack of checks of PAX header
value size, allowed for excessive memory allocation. Thus a specially crafted
archive could force excessive memory allocation impacting availability of a
system.
This flaw has been fixed in Version 1.21.
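The allocation pattern described in comment #2, shown beside a bounded alternative, as an added Java example that is not Apache Commons Compress code. The class and method names, the 8 KiB chunk size and the sample bytes are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class PaxValueRead {
    // Pattern from the comment: the declared length alone decides the allocation.
    static byte[] readUnchecked(InputStream in, int declaredLen) throws IOException {
        byte[] value = new byte[declaredLen];   // allocated before any byte is seen
        int off = 0, n;
        while (off < declaredLen && (n = in.read(value, off, declaredLen - off)) > 0) {
            off += n;
        }
        if (off != declaredLen) throw new IOException("truncated PAX value");
        return value;
    }

    // Bounded form: reject lengths the enclosing header cannot hold, then grow with the data.
    static byte[] readChecked(InputStream in, int declaredLen, long headerBytesLeft) throws IOException {
        if (declaredLen < 0 || declaredLen > headerBytesLeft) {
            throw new IOException("PAX value length " + declaredLen + " exceeds header size");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];           // memory use tracks bytes actually read
        int left = declaredLen, n;
        while (left > 0 && (n = in.read(chunk, 0, Math.min(chunk.length, left))) > 0) {
            out.write(chunk, 0, n);
            left -= n;
        }
        if (left != 0) throw new IOException("truncated PAX value");
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a value claiming 1 GiB inside a header that holds 11 bytes.
        byte[] body = "hello world".getBytes(StandardCharsets.US_ASCII);
        int claimed = 1 << 30;
        try {
            readChecked(new ByteArrayInputStream(body), claimed, body.length);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        byte[] ok = readChecked(new ByteArrayInputStream(body), body.length, body.length);
        System.out.println("accepted " + ok.length + " bytes");
    }
}
```

`readUnchecked` is deliberately not called with the 1 GiB claim in `main`, since it would reserve that much heap before reading a single byte.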