CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
Published Feb 19, 2024
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.
Affected Software
4 affected components (fixes available)

Component | Affected versions | Fixed version
maven/org.apache.commons:commons-compress | >=1.3, <1.26.0 | 1.26.0
Apache Commons Compress | >=1.3, <1.26.0 | not listed
redhat/Apache Commons Compress | <1.26 | 1.26
IBM QRadar SIEM | <=7.5 | 7.5.0 UP12 IF03
Event History
Feb 19, 2024
CVE Published via MITRE, 08:33 AM
Data Sourced via MITRE, 08:33 AM (Description, Severity, Weakness)
Data Sourced via NVD, 09:15 AM (Description, Severity, Weakness, Affected Software)
Advisory Published via GitHub, 09:30 AM
Data Sourced via Red Hat, 08:32 PM (Description, Severity, Affected Software)
Aug 1, 2025
Data Sourced via IBM, 12:00 AM (Description, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-25710?
CVE-2024-25710 is classified as a denial of service vulnerability.
2. How do I fix CVE-2024-25710?
To fix CVE-2024-25710, upgrade Apache Commons Compress to version 1.26.0 or later.
3. Which versions are affected by CVE-2024-25710?
CVE-2024-25710 affects Apache Commons Compress versions from 1.3 up to, but not including, 1.26.0 (that is, 1.3 through 1.25.0).
4. Can CVE-2024-25710 be exploited remotely?
Yes, CVE-2024-25710 can be exploited remotely by persuading a victim to open a specially crafted DUMP file.
5. What causes the vulnerability in CVE-2024-25710?
CVE-2024-25710 is caused by an infinite loop flaw triggered by a corrupted DUMP file, which leads to a denial of service condition.