Lucene search

[email protected]NVD:CVE-2021-36373

HistoryJul 14, 2021 - 7:15 a.m.

CVE-2021-36373

2021-07-1407:15:08

CWE-130

[email protected]

web.nvd.nist.gov

cve-2021-36373

apache ant

memory allocation

tar archive

out of memory error

disruption

build

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

44.6%

JSON

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Affected configurations

Nvd

Node

apacheantRange1.9.0–1.9.16

apacheantRange1.10.0–1.10.11

Node

oracleagile_plmMatch9.3.6

oraclebanking_trade_financeMatch14.5

oraclebanking_treasury_managementMatch14.5

oraclecommunications_cloud_native_core_automated_test_suiteMatch1.9.0

oraclecommunications_cloud_native_core_binding_support_functionMatch1.11.0

oraclecommunications_order_and_service_managementMatch7.3

oraclecommunications_order_and_service_managementMatch7.4

oraclecommunications_unified_inventory_managementMatch7.3.0

oraclecommunications_unified_inventory_managementMatch7.4.0

oraclecommunications_unified_inventory_managementMatch7.4.1

oraclecommunications_unified_inventory_managementMatch7.4.2

oraclecommunications_unified_inventory_managementMatch7.5.0

oracleenterprise_repositoryMatch11.1.1.7.0

oraclefinancial_services_analytical_applications_infrastructureRange8.0.6–8.1.1

oracleinsurance_policy_administrationRange11.0–11.3.1

oracleprimavera_gatewayRange17.12.0–17.12.11

oracleprimavera_gatewayRange18.8.0–18.8.12

oracleprimavera_gatewayRange19.12.0–19.12.11

oracleprimavera_gatewayRange20.12.0–20.12.7

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oraclereal-time_decision_serverMatch3.2.0.0

oraclereal-time_decision_serverMatch11.1.1.9.0

oracleretail_advanced_inventory_planningMatch14.1

oracleretail_advanced_inventory_planningMatch15.0

oracleretail_advanced_inventory_planningMatch16.0

oracleretail_back_officeMatch14.0

oracleretail_back_officeMatch14.1

oracleretail_bulk_data_integrationMatch16.0.3.0

oracleretail_bulk_data_integrationMatch19.0.1

oracleretail_central_officeMatch14.0

oracleretail_central_officeMatch14.1

oracleretail_eftlinkMatch19.0.1

oracleretail_eftlinkMatch20.0.1

oracleretail_extract_transform_and_loadMatch13.2.8

oracleretail_financial_integrationMatch14.1.3.2

oracleretail_financial_integrationMatch15.0.4.0

oracleretail_financial_integrationMatch16.0.3.0

oracleretail_integration_busMatch14.1.3.2

oracleretail_integration_busMatch15.0.4.0

oracleretail_integration_busMatch16.0.3.0

oracleretail_integration_busMatch19.0.1.0

oracleretail_invoice_matchingMatch16.0.3

oracleretail_merchandising_systemMatch19.0.1

oracleretail_point-of-serviceMatch14.0

oracleretail_point-of-serviceMatch14.1

oracleretail_predictive_application_serverMatch14.1.3

oracleretail_predictive_application_serverMatch15.0.3

oracleretail_predictive_application_serverMatch16.0.3.0

oracleretail_service_backboneMatch14.1.3.2

oracleretail_service_backboneMatch15.0.4.0

oracleretail_service_backboneMatch16.0.3.0

oracleretail_service_backboneMatch19.0.1.0

oracleretail_store_inventory_managementMatch14.1

oracleretail_store_inventory_managementMatch15.0

oracleretail_store_inventory_managementMatch16.0

oracleretail_xstore_point_of_serviceMatch16.0.6

oracleretail_xstore_point_of_serviceMatch17.0.4

oracleretail_xstore_point_of_serviceMatch18.0.3

oracleretail_xstore_point_of_serviceMatch19.0.2

oracleretail_xstore_point_of_serviceMatch20.0.1

oracletimesten_in-memory_databaseRange<11.2.2.8.27

oracleutilities_frameworkRange4.3.0.1.0–4.3.0.6.0

oracleutilities_frameworkMatch4.2.0.2.0

oracleutilities_frameworkMatch4.2.0.3.0

oracleutilities_frameworkMatch4.4.0.0.0

oracleutilities_frameworkMatch4.4.0.2.0

oracleutilities_frameworkMatch4.4.0.3.0

oracleutilities_testing_acceleratorMatch6.0.0.1.1

VendorProductVersionCPE
apacheant*cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*
oracleagile_plm9.3.6cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*
oraclebanking_trade_finance14.5cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
oraclebanking_treasury_management14.5cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_automated_test_suite1.9.0cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_binding_support_function1.11.0cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*
oraclecommunications_order_and_service_management7.3cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*
oraclecommunications_order_and_service_management7.4cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*
oraclecommunications_unified_inventory_management7.3.0cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*
oraclecommunications_unified_inventory_management7.4.0cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	ant	*	cpe:2.3:a:apache:ant::::::::
oracle	agile_plm	9.3.6	cpe:2.3:a:oracle:agile_plm:9.3.6:::::::*
oracle	banking_trade_finance	14.5	cpe:2.3:a:oracle:banking_trade_finance:14.5:::::::*
oracle	banking_treasury_management	14.5	cpe:2.3:a:oracle:banking_treasury_management:14.5:::::::*
oracle	communications_cloud_native_core_automated_test_suite	1.9.0	cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:::::::*
oracle	communications_cloud_native_core_binding_support_function	1.11.0	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:::::::*
oracle	communications_order_and_service_management	7.3	cpe:2.3:a:oracle:communications_order_and_service_management:7.3:::::::*
oracle	communications_order_and_service_management	7.4	cpe:2.3:a:oracle:communications_order_and_service_management:7.4:::::::*
oracle	communications_unified_inventory_management	7.3.0	cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:::::::*
oracle	communications_unified_inventory_management	7.4.0	cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:::::::*