{
    "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "DATE_PUBLIC": "2018-03-16T00:00:00",
        "ID": "CVE-2018-1324",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Apache Commons Compress",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "1.11 to 1.15"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Apache Software Foundation"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A specially crafted ZIP archive can be used to cause an infinite loop inside of Apache Commons Compress' extra field parser used by the ZipFile and ZipArchiveInputStream classes in versions 1.11 to 1.15. This can be used to mount a denial of service attack against services that use Compress' zip package."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Denial of Service"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "1040549",
                "refsource": "SECTRACK",
                "url": "http://www.securitytracker.com/id/1040549"
            },
            {
                "name": "[dev] 20180316 [CVE-2018-1324] Apache Commons Compress denial of service vulnerability",
                "refsource": "MLIST",
                "url": "https://lists.apache.org/thread.html/1c7b6df6d1c5c8583518a0afa017782924918e4d6acfaf23ed5b2089@%3Cdev.commons.apache.org%3E"
            },
            {
                "name": "103490",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/103490"
            },
            {
                "refsource": "MLIST",
                "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1",
                "url": "https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[creadur-dev] 20190530 [Discuss] RAT-244 - update to language level 1.7 due to CVE issues in RAT",
                "url": "https://lists.apache.org/thread.html/b8ef29df0f1d55aa741170748352ae8e425c7b1d286b2f257711a2dd@%3Cdev.creadur.apache.org%3E"
            },
            {
                "refsource": "MLIST",
                "name": "[beam-issues] 20200421 [jira] [Closed] (BEAM-3873) Current version of commons-compress is DOS vulnerable CVE-2018-1324",
                "url": "https://lists.apache.org/thread.html/r5532dc8d5456b5151e8c286801e2e5769f5c04118b29c3b5d13ea387@%3Cissues.beam.apache.org%3E"
            },
            {
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html",
                "refsource": "MISC",
                "name": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
        ]
    }
}