Lucene search

[email protected]NVD:CVE-2021-36374

HistoryJul 14, 2021 - 7:15 a.m.

CVE-2021-36374

2021-07-1407:15:08

CWE-130

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.7%

JSON

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Affected configurations

NVD

Node

apacheantRange1.9.0–1.9.16

apacheantRange1.10.0–1.10.11

Node

oracleagile_engineering_data_managementMatch6.2.1.0

oracleagile_plmMatch9.3.6

oraclebanking_trade_financeMatch14.5

oraclebanking_treasury_managementMatch14.5

oraclecommunications_cloud_native_core_automated_test_suiteMatch1.9.0

oraclecommunications_cloud_native_core_binding_support_functionMatch1.11.0

oraclecommunications_diameter_intelligence_hubRange8.0.0–8.1.0

oraclecommunications_diameter_intelligence_hubRange8.2.0–8.2.3

oraclecommunications_order_and_service_managementMatch7.3

oraclecommunications_order_and_service_managementMatch7.4

oraclecommunications_unified_inventory_managementMatch7.3.0

oraclecommunications_unified_inventory_managementMatch7.4.0

oraclecommunications_unified_inventory_managementMatch7.4.1

oraclecommunications_unified_inventory_managementMatch7.4.2

oraclecommunications_unified_inventory_managementMatch7.5.0

oracleenterprise_repositoryMatch11.1.1.7.0

oraclefinancial_services_analytical_applications_infrastructureRange8.0.6–8.1.1

oraclehealth_sciences_information_managerRange3.0.1–3.0.5

oraclehealth_sciences_information_managerMatch3.0.0.1

oracleinsurance_policy_administrationRange11.0–11.3.1

oracleprimavera_gatewayRange17.12.0–17.12.11

oracleprimavera_gatewayRange18.8.0–18.8.12

oracleprimavera_gatewayRange19.12.0–19.12.11

oracleprimavera_gatewayRange20.12.0–20.12.7

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleproduct_lifecycle_analyticsMatch3.6.1

oraclereal-time_decision_serverMatch3.2.0.0

oraclereal-time_decision_serverMatch11.1.1.9.0

oracleretail_advanced_inventory_planningMatch14.1

oracleretail_advanced_inventory_planningMatch15.0

oracleretail_advanced_inventory_planningMatch16.0

oracleretail_back_officeMatch14.0

oracleretail_back_officeMatch14.1

oracleretail_bulk_data_integrationMatch16.0.3.0

oracleretail_bulk_data_integrationMatch19.0.1

oracleretail_central_officeMatch14.0

oracleretail_central_officeMatch14.1

oracleretail_eftlinkMatch19.0.1

oracleretail_eftlinkMatch20.0.1

oracleretail_extract_transform_and_loadMatch13.2.8

oracleretail_financial_integrationMatch14.1.3.2

oracleretail_financial_integrationMatch15.0.4.0

oracleretail_financial_integrationMatch16.0.3.0

oracleretail_integration_busMatch14.1.3.2

oracleretail_integration_busMatch15.0.4.0

oracleretail_integration_busMatch16.0.3.0

oracleretail_integration_busMatch19.0.1.0

oracleretail_invoice_matchingMatch16.0.3

oracleretail_merchandising_systemMatch19.0.1

oracleretail_point-of-serviceMatch14.0

oracleretail_point-of-serviceMatch14.1

oracleretail_predictive_application_serverMatch14.1.3

oracleretail_predictive_application_serverMatch15.0.3

oracleretail_predictive_application_serverMatch16.0.3.0

oracleretail_service_backboneMatch14.1.3.2

oracleretail_service_backboneMatch15.0.4.0

oracleretail_service_backboneMatch16.0.3.0

oracleretail_service_backboneMatch19.0.1.0

oracleretail_store_inventory_managementMatch14.1

oracleretail_store_inventory_managementMatch15.0

oracleretail_store_inventory_managementMatch16.0

oracleretail_xstore_point_of_serviceMatch16.0.6

oracleretail_xstore_point_of_serviceMatch17.0.4

oracleretail_xstore_point_of_serviceMatch18.0.3

oracleretail_xstore_point_of_serviceMatch19.0.2

oracleretail_xstore_point_of_serviceMatch20.0.1

oracletimesten_in-memory_databaseRange<11.2.2.8.27

oracleutilities_frameworkRange4.3.0.1.0–4.3.0.6.0

oracleutilities_frameworkMatch4.2.0.2.0

oracleutilities_frameworkMatch4.2.0.3.0

oracleutilities_frameworkMatch4.4.0.0.0

oracleutilities_frameworkMatch4.4.0.2.0

oracleutilities_frameworkMatch4.4.0.3.0

oracleutilities_testing_acceleratorMatch6.0.0.1.1

References

ant.apache.org/security.html

lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E

lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E

lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E

lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E

lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E

security.netapp.com/advisory/ntap-20210819-0007/

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.7%

JSON

Related for NVD:CVE-2021-36374

osv2 cvelist1 cbl_mariner2 prion1 amazon1 ibm14 cve1 github1 redhatcve1 ubuntucve1 veracode1 nessus18 alpinelinux1 debiancve1 redos35 suse1 photon7 openvas6 archlinux1 oracle9