{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2019-12402","assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","dateUpdated":"2024-08-04T23:17:39.992Z","dateReserved":"2019-05-28T00:00:00.000Z","datePublished":"2019-08-29T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache","dateUpdated":"2023-08-18T13:06:40.207Z"},"descriptions":[{"lang":"en","value":"The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."}],"affected":[{"vendor":"Apache Software Foundation","product":"Apache Commons Compress","versions":[{"version":"1.15 to 1.18","status":"affected"}]}],"references":[{"name":"[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"},{"name":"FEDORA-2019-c96a8d12b0","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"},{"name":"FEDORA-2019-da0eac1eb6","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"},{"name":"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"},{"name":"[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"},{"name":"[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version","tags":["mailing-list"],"url":"https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"url":"https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://security.netapp.com/advisory/ntap-20230818-0001/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"denial of service vulnerability"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T23:17:39.992Z"},"title":"CVE Program Container","references":[{"name":"[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"},{"name":"FEDORA-2019-c96a8d12b0","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"},{"name":"FEDORA-2019-da0eac1eb6","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"},{"name":"[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"},{"name":"[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"},{"name":"[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"},{"name":"[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"},{"name":"[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version","tags":["mailing-list","x_transferred"],"url":"https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"},{"url":"https://www.oracle.com/security-alerts/cpuapr2020.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpujul2020.html","tags":["x_transferred"]},{"url":"https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpujan2021.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuApr2021.html","tags":["x_transferred"]},{"url":"https://www.oracle.com//security-alerts/cpujul2021.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2021.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20230818-0001/","tags":["x_transferred"]}]}]}}