CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file

Vendor: Apache Software Foundation
Product: Apache Commons Compress
Weakness: CWE-770 · Uncontrolled resource consumption
Published: February 19, 2024
Last update: March 27, 2025

What the vulnerability does

Description

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

Key dates

Disclosure timeline

February 19, 2024: CVE published
March 27, 2025: Record updated