Improper Handling of Exceptional Conditions

CVE-2022-24615

Medium

5.5/10

Summary

zip4j before 2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

References

Advisory
java.lang.RuntimeException
java.lang.IllegalArgumentException

Advisory Timeline

Published Feb 24, 2022

Improper Handling of Exceptional Conditions

CVE-2022-24615

Summary

CWE-755 - Improper Handling of Exceptional Conditions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS