{
    "dataType": "CVE_RECORD",
    "dataVersion": "5.1",
    "cveMetadata": {
        "state": "PUBLISHED",
        "cveId": "CVE-2019-12402",
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "dateUpdated": "2024-08-04T23:17:39.992Z",
        "dateReserved": "2019-05-28T00:00:00",
        "datePublished": "2019-08-29T00:00:00"
    },
    "containers": {
        "cna": {
            "providerMetadata": {
                "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
                "shortName": "apache",
                "dateUpdated": "2023-08-18T13:06:40.207792"
            },
            "descriptions": [
                {
                    "lang": "en",
                    "value": "The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs. This can lead to a denial of service attack if an attacker can choose the file names inside of an archive created by Compress."
                }
            ],
            "affected": [
                {
                    "vendor": "Apache Software Foundation",
                    "product": "Apache Commons Compress",
                    "versions": [
                        {
                            "version": "1.15 to 1.18",
                            "status": "affected"
                        }
                    ]
                }
            ],
            "references": [
                {
                    "name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
                },
                {
                    "name": "FEDORA-2019-c96a8d12b0",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
                },
                {
                    "name": "FEDORA-2019-da0eac1eb6",
                    "tags": [
                        "vendor-advisory"
                    ],
                    "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
                },
                {
                    "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
                },
                {
                    "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
                },
                {
                    "name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
                },
                {
                    "name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
                    "tags": [
                        "mailing-list"
                    ],
                    "url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
                },
                {
                    "url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
                },
                {
                    "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
                },
                {
                    "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
                },
                {
                    "url": "https://security.netapp.com/advisory/ntap-20230818-0001/"
                }
            ],
            "problemTypes": [
                {
                    "descriptions": [
                        {
                            "type": "text",
                            "lang": "en",
                            "description": "denial of service vulnerability"
                        }
                    ]
                }
            ]
        },
        "adp": [
            {
                "providerMetadata": {
                    "orgId": "af854a3a-2127-422b-91ae-364da2661108",
                    "shortName": "CVE",
                    "dateUpdated": "2024-08-04T23:17:39.992Z"
                },
                "title": "CVE Program Container",
                "references": [
                    {
                        "name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea%40%3Ccommits.creadur.apache.org%3E"
                    },
                    {
                        "name": "FEDORA-2019-c96a8d12b0",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
                    },
                    {
                        "name": "FEDORA-2019-da0eac1eb6",
                        "tags": [
                            "vendor-advisory",
                            "x_transferred"
                        ],
                        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZB3GB7YXIOUKIOQ27VTIP6KKGJJ3CKL/"
                    },
                    {
                        "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200306 [GitHub] [flink] nielsbasjes opened a new pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r5caf4fcb69d2749225391e61db7216282955204849ba94f83afe011f%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rcc35ab6be300365de5ff9587e0479d10d7d7c79070921837e3693162%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200306 [GitHub] [flink] flinkbot commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/re13bd219dd4b651134f6357f12bd07a0344eea7518c577bbdd185265%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200310 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r5103b1c9242c0f812ac96e524344144402cbff9b6e078d1557bc7b1e%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r590c15cebee9b8e757e2f738127a9a71e48ede647a3044c504e050a4%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200311 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r05cf37c1e1e662e968cfece1102fcd50fe207181fdbf2c30aadfafd3%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200311 [GitHub] [flink] flinkbot edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rdebc1830d6c09c11d5a4804ca26769dbd292d17d361c61dea50915f0%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200311 [GitHub] [flink] nielsbasjes edited a comment on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rd3f99d732baed459b425fb0a9e9e14f7843c9459b12037e4a9d753b5%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200312 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r21d64797914001119d2fc766b88c6da181dc2308d20f14e7a7f46117%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200312 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r233267e24519bacd0f9fb9f61a1287cb9f4bcb6e75d83f34f405c521%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200313 [GitHub] [flink] GJL commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r25422df9ad22fec56d9eeca3ab8bd6d66365e9f6bfe311b64730edf5%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200313 [GitHub] [flink] zentol commented on issue #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r972f82d821b805d04602976a9736c01b6bf218cfe0c3f48b472db488%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[flink-issues] 20200313 [GitHub] [flink] GJL closed pull request #11333: [FLINK-14121] Update commons-compress because of CVE-2019-12402",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r4363c994c8bca033569a98da9218cc0c62bb695c1e47a98e5084e5a0%40%3Cissues.flink.apache.org%3E"
                    },
                    {
                        "name": "[lucene-solr-user] 20200320 CVEs (vulnerabilities) that apply to Solr 8.4.1",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r204ba2a9ea750f38d789d2bb429cc0925ad6133deea7cbc3001d96b5%40%3Csolr-user.lucene.apache.org%3E"
                    },
                    {
                        "name": "[lucene-solr-user] 20200320 Re: CVEs (vulnerabilities) that apply to Solr 8.4.1",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/rf5230a049d989dbfdd404b4320a265dceeeba459a4d04ec21873bd55%40%3Csolr-user.lucene.apache.org%3E"
                    },
                    {
                        "name": "[brooklyn-dev] 20200403 [GitHub] [brooklyn-server] nakomis opened a new pull request #1089: Bumps commons-compress version",
                        "tags": [
                            "mailing-list",
                            "x_transferred"
                        ],
                        "url": "https://lists.apache.org/thread.html/r7af60fbd8b2350d49d14e53a3ab2801998b9d1af2d6fcac60b060a53%40%3Cdev.brooklyn.apache.org%3E"
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpuapr2020.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpujul2020.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://lists.apache.org/thread.html/308cc15f1f1dc53e97046fddbac240e6cd16de89a2746cf257be7f5b%40%3Cdev.commons.apache.org%3E",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpuoct2020.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpujan2021.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpuApr2021.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com//security-alerts/cpujul2021.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
                        "tags": [
                            "x_transferred"
                        ]
                    },
                    {
                        "url": "https://security.netapp.com/advisory/ntap-20230818-0001/",
                        "tags": [
                            "x_transferred"
                        ]
                    }
                ]
            }
        ]
    }
}