Description
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
Remediation
References
Related Vulnerabilities
WordPress Plugin IgnitionDeck Security Bypass (1.1.6)
TYPO3 Cryptographic Issues Vulnerability (CVE-2012-3527)
WordPress Plugin Car Demon Multiple Vulnerabilities (1.7.97)
Oracle Database Server CVE-2008-0342 Vulnerability (CVE-2008-0342)
WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.95)