CVE-2022-24615

MEDIUM5.5EPSS 0.27%

Uncaught Exception in zip4j

Published: 2/25/2022Modified: 4/28/2026

Also known as:DEBIAN-CVE-2022-24615

Description

zip4j up to v2.10.0 can throw various uncaught exceptions while parsing a specially crafted ZIP file, which could result in an application crash. This could be used to mount a denial of service attack against services that use zip4j library.

Affected packages (2)

Debian/zip4jfrom 0
Maven/net.lingala.zip4j:zip4jfrom 0, < 2.10.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-24615
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-24615
PATCHhttps://github.com/srikanth-lingala/zip4j
WEBhttps://github.com/srikanth-lingala/zip4j/issues/377
WEBhttps://github.com/srikanth-lingala/zip4j/issues/418