Headline
CVE-2012-2098: About Secunia Research | Flexera
Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.
Image
Featured Details
Multiple ways to consume Secunia Research
Secunia delivers software security research that provides reliable, curated and actionable vulnerability intelligence. Organizations can expect to receive standardized, validated and enriched vulnerability research on a specific version of a software product. Secunia Research supports four solutions:
SVG
Data Platform
Data Platform leverages Secunia Research to provide high-level insights based on major or minor versions of software in your normalized inventory
Learn More
SVG
Flexera One
Flexera One utilizes Secunia Research (alongside public NVD data) to provide more granular matching of build-level versions of software in your normalized inventory within its IT Asset Management and IT Visibility solutions
Learn More
How it works
Accurate, reliable vulnerability insights at your fingertips
The Secunia Research team from Flexera is comprised of several security specialists who conduct vulnerability research in various products in addition to testing, verifying and validating public vulnerability reports. Since its inception in 2002, the goal of the Secunia Research team is to provide the most accurate and reliable source of vulnerability intelligence.
Delivering the world’s best vulnerability intelligence requires skill and passion. Team members continually develop their skills exploring various high-profile closed and open-source software using a variety of approaches, focusing chiefly on thorough code audits and binary analysis. The team has received industry recognition, including naming members to Microsoft’s Most Valuable Security Researchers list.
Secunia researchers discover hard-to-find vulnerabilities that aren’t normally identified with techniques such as fuzzing, and the results have been impressive. Members of the Secunia Research team have discovered critical vulnerabilities in products from vendors including Microsoft, Symantec, IBM, Adobe, RealNetworks, Trend Micro, HP, Blue Coat, Samba, CA, Mozilla and Apple.
The team produces invaluable security advisories based on research of the vulnerabilities affecting any given software update. Sometimes a single update can address multiple vulnerabilities of varying criticalities and threats; but these advisories aggregate and distill findings down to a single advisory perfect for the prioritization of patching efforts within Software Vulnerability Manager. Criticality scores are consistently applied along with details around attack vector and other valuable details within Software Vulnerability Research. Illegitimate vulnerability reports are also investigated and rejected so you can focus only on what truly matters.
Related news
When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).