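Vulnerability Details
Apache Commons Compress Resource Management Error Vulnerability
- CNNVD ID: CNNVD-201808-513
- Severity: Medium
- CVE ID: CVE-2018-11771
- Vulnerability type: Resource management error
- Published: 2018-08-17
- Threat type: Local
- Updated: 2022-04-19
- Vendor:
- Vulnerability source: Red Hat
Vulnerability Summary
Apache Commons Compress is a library from the Apache Software Foundation (USA) for working with compressed files.
Apache Commons Compress versions 1.7 through 1.17 contain a resource management error vulnerability. It arises because the read method of ZipArchiveInputStream does not return the correct end-of-file indication after the end of the stream has been reached. An attacker can exploit it to cause a denial of service by sending a specially crafted ZIP archive.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: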
https://lists.apache.org/thread.HTML/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E
References
Source: MLIST
Link: https://lists.apache.org/thread.HTML/c7954dc1e8fafd7ca1449f078953b419ebf8936e087f235f3bd024be@%3Ccommits.tinkerpop.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/b907e70bc422905d7962fd18f863f746bf7b4e7ed9da25c148580c61@%3Cnotifications.commons.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/f9cdd32af7d73e943452167d15801db39e8130409ebb9efb243b3f41@%3Ccommits.tinkerpop.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/e3eae9e6fc021c4c22dda59a335d21c12eecab480b48115a2f098ef6@%3Ccommits.tinkerpop.apache.org%3E
Source: MISC
Link: https://www.oracle.com/security-alerts/cpujan2022.HTML
Source: MLIST
Link: https://lists.apache.org/thread.HTML/0adb631517766e793e18a59723e2df08ced41eb9a57478f14781c9f7@%3Cdev.tinkerpop.apache.org%3E
Source: BID
Link: http://www.securityfocus.com/bid/105139
Source: MLIST
Link: https://lists.apache.org/thread.HTML/6c79965066c30d4e330e04d911d3761db41b82c89ae38d9a6b37a6f1@%3Cdev.tinkerpop.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/714c6ac1b1b50f8557e7342903ef45f1538a7bc60a0b47d6e48c273d@%3Ccommits.tinkerpop.apache.org%3E
Source: BID
Link: https://www.securityfocus.com/bid/105139
Source: MLIST
Link: https://lists.apache.org/thread.HTML/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/3565494c263dfeb4dcb2a71cb24d09a1ca285cd6ac74edc025a3af8a@%3Ccommits.tinkerpop.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/eeecc1669242b28a3777ae13c68b376b0148d589d3d8170340d61120@%3Cdev.tinkerpop.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/b8da751fc0ca949534cdf2744111da6bb0349d2798fac94b0a50f330@%3Cannounce.apache.org%3E
Source: MLIST
Link: https://lists.apache.org/thread.HTML/f28052d04cb8dbaae39bfd3dc8438e58c2a8be306a3f381f4728d7c1@%3Ccommits.commons.apache.org%3E
Source: SECTRACK
Link: http://www.securitytracker.com/id/1041503
Source: MLIST
Link: https://lists.apache.org/thread.HTML/35f60d6d0407c13c39411038ba1aca71d92595ed7041beff4d07f2ee@%3Ccommits.tinkerpop.apache.org%3E
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1118283
Source: www.ibm.com
Link: https://www.ibm.com/support/pages/node/1086039
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-3/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation-2/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-dependent-libraries-affect-ibm-db2-leading-to-denial-of-service-or-privilege-escalation/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1427/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.4588/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-db2-warehouse-has-released-a-fix-in-response-to-multiple-vulnerabilities-found-in-ibm-db2/
Source: www.ibm.com
Link: http://www.ibm.com/support/docview.wss?uid=ibm10883280
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-have-been-identified-in-db2-that-affect-the-ibm-performance-management-product/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-open-source-used-in-ibm-cloud-pak-system/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities-3/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1076/
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-ibm-planning-analytics/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/156941/Red-Hat-Security-Advisory-2020-0983-01.HTML
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2019.1964/
Affected Entities
None available
Patches
- Fix for the Apache Commons Compress security vulnerability