PT-2022-16764 · Zip4J+1

Published: 2022-02-24 · Updated: 2022-04-19 · CVE-2022-24615

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: zip4j versions up to 2.10.0
Description: A specially crafted ZIP file can cause zip4j to throw various uncaught exceptions during parsing, potentially resulting in an application crash. An attacker could use this to mount a denial of service attack against services that use the zip4j library.
Recommendations: For zip4j versions up to 2.10.0, update to a version that contains a fix for this issue to prevent potential application crashes and denial of service attacks.

Fix

DoS

Improper Handling of Exceptional Conditions


Weakness Enumeration

Related Identifiers

CVE-2022-24615
GHSA-Q62H-JW38-24VH

Affected Products

Debian
Zip4J