### [CVE-2012-2098](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.

### POC

#### Reference
- http://packetstormsecurity.org/files/113014/Apache-Commons-Compress-Apache-Ant-Denial-Of-Service.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21644047
- https://www.oracle.com/security-alerts/cpujan2021.html

#### Github
- https://github.com/Anonymous-Phunter/PHunter
- https://github.com/BrunoBonacci/lein-binplus
- https://github.com/CGCL-codes/PHunter
- https://github.com/LibHunter/LibHunter
- https://github.com/markus-wa/clj-bin