Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2012-2098

Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

POC

Reference

- http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html

- http://www-01.ibm.com/support/docview.wss?uid=swg21644047

- https://www.oracle.com/security-alerts/cpujan2021.html

Github

- https://github.com/A-TPL-Bench/LibHunter

- https://github.com/Anonymous-Phunter/PHunter

- https://github.com/BrunoBonacci/lein-binplus

- https://github.com/CGCL-codes/LibHunter

- https://github.com/CGCL-codes/PHunter

- https://github.com/LibHunter/LibHunter

- https://github.com/markus-wa/clj-bin