PT-2024-2688 · Apache · Apache Commons Compress

Yakov Shafranovich · Published 2024-02-19 · Updated 2026-05-18 · CVE-2024-26308

CVSS v4.0: 6.7 Medium

Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Commons Compress versions 1.21 through 1.25

Description

The issue is an uncontrolled resource consumption vulnerability in Apache Commons Compress that an attacker can exploit to impact the availability of protected information. It occurs when a damaged Pack200 file is unpacked.

Recommendations

Users are recommended to upgrade to version 1.26, which fixes the problem.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

BDU:2024-02799
CLEANSTART-2026-IA43044
CLEANSTART-2026-SQ91016
CLEANSTART-2026-WK99982
CVE-2024-26308
GHSA-4265-CCF5-PHJ5
OPENSUSE-SU-2024:13702-1
SUSE-SU-2024:0726-1

Affected Products

Apache Commons Compress
Debian
SUSE