CVE-2019-12402
- Source
- https://cve.org/CVERecord?id=CVE-2019-12402
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12402.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-12402
- Aliases
- Downstream
- Related
- Published
- 2019-08-30T09:15:17.910Z
- Modified
- 2026-05-18T05:50:36.611742255Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "last_affected": "30" }, { "last_affected": "31" } ], "source": "CPE_FIELD", "vendor_product": "fedoraproject:fedora", "cpes": [ "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "introduced": "14.1.0" }, { "last_affected": "14.4.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:banking_payments", "cpes": [ "cpe:2.3:a:oracle:banking_payments:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "2.6.2" }, { "last_affected": "2.7.0" }, { "last_affected": "2.8.0" }, { "last_affected": "2.9.0" } ], "cpes": [ "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:banking_platform" }, { "extracted_events": [ { "introduced": "8.2.0" }, { "last_affected": "8.2.2" } ], "source": "CPE_FIELD", "vendor_product": "oracle:communications_element_manager", "cpes": [ "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "7.3.0" }, { "last_affected": "7.4.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:communications_ip_service_activator", "cpes": [ "cpe:2.3:a:oracle:communications_ip_service_activator:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "introduced": "8.2.0" }, { "last_affected": "8.2.2" } ], "source": "CPE_FIELD", "vendor_product": "oracle:communications_session_report_manager", "cpes": [ "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "introduced": "8.2.0" }, { "last_affected": "8.2.2" } ], "source": "CPE_FIELD", "vendor_product": "oracle:communications_session_route_manager", "cpes": [ "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "18.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:customer_management_and_segmentation_foundation", "cpes": [ "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "21.2" } ], "source": "CPE_FIELD", "vendor_product": "oracle:essbase", "cpes": [ "cpe:2.3:a:oracle:essbase:21.2:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "12.1.0" }, { "last_affected": "12.3.0" }, { "last_affected": "12.4.0" }, { "last_affected": "14.0.0" }, { "last_affected": "14.1.0" } ], "cpes": [ "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:flexcube_investor_servicing" }, { "extracted_events": [ { "last_affected": "12.0.0" }, { "last_affected": "12.1.0" } ], "cpes": [ "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:flexcube_private_banking" }, { "extracted_events": [ { "last_affected": "11.1.2.4" } ], "source": "CPE_FIELD", "vendor_product": "oracle:hyperion_infrastructure_technology", "cpes": [ "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "12.2.1.4.0" } ], "cpes": [ "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:jdeveloper" }, { "extracted_events": [ { "last_affected": "8.56" }, { "last_affected": "8.57" }, { "last_affected": "8.58" } ], "cpes": [ "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "vendor_product": "oracle:peoplesoft_enterprise_pt_peopletools" }, { "extracted_events": [ { "introduced": "18.8.0" }, { "last_affected": "18.8.8" }, { "last_affected": "19.12.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:primavera_gateway", "cpes": [ "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:retail_integration_bus", "cpes": [ "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "last_affected": "15.0" }, { "last_affected": "16.0" }, { "last_affected": "17.0" }, { "last_affected": "18.0" }, { "last_affected": "19.0" } ], "vendor_product": "oracle:retail_xstore_point_of_service", "cpes": [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD" }, { "extracted_events": [ { "last_affected": "12.2.1.3.0" }, { "last_affected": "12.2.1.4.0" } ], "source": "CPE_FIELD", "vendor_product": "oracle:webcenter_portal", "cpes": [ "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*" ] } ] }- References
-
- https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E
- https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E
- https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E
- https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/
- https://security.netapp.com/advisory/ntap-20230818-0001/
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpuoct2021.html