7.5
CVE-2021-35516
- EPSS 0.28%
- Published 13.07.2021 08:15:07
- Last modified 21.11.2024 06:12:25
- Source security@apache.org
- Teams watchlist Login
- Open Login
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ Commons Compress Version >= 1.6 <= 1.20
Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux
Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere
Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows
Netapp ≫ Oncommand Insight Version-
Oracle ≫ Banking Digital Experience Version >= 18.1 <= 18.3
Oracle ≫ Banking Digital Experience Version19.1
Oracle ≫ Banking Digital Experience Version19.2
Oracle ≫ Banking Digital Experience Version20.1
Oracle ≫ Banking Digital Experience Version21.1
Oracle ≫ Banking Enterprise Default Management Version2.7.0
Oracle ≫ Banking Party Management Version2.7.0
Oracle ≫ Business Process Management Suite Version12.2.1.3.0
Oracle ≫ Business Process Management Suite Version12.2.1.4.0
Oracle ≫ Commerce Guided Search Version11.3.2
Oracle ≫ Communications Billing And Revenue Management Version12.0.0.4
Oracle ≫ Communications Cloud Native Core Automated Test Suite Version1.8.0
Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.14.0
Oracle ≫ Communications Cloud Native Core Unified Data Repository Version1.14.0
Oracle ≫ Communications Diameter Intelligence Hub Version >= 8.0.0 <= 8.2.3
Oracle ≫ Communications Session Route Manager Version >= 8.0.0 <= 8.2.5
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.2.0
Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.3.0
Oracle ≫ Financial Services Enterprise Case Management Version8.0.7.2.0
Oracle ≫ Financial Services Enterprise Case Management Version8.0.8.1.0
Oracle ≫ Flexcube Universal Banking Version >= 14.0.0 <= 14.3.0
Oracle ≫ Flexcube Universal Banking Version12.4.0
Oracle ≫ Flexcube Universal Banking Version14.5
Oracle ≫ Healthcare Data Repository Version8.1.0
Oracle ≫ Insurance Policy Administration Version11.0.2
Oracle ≫ Insurance Policy Administration Version11.1.0
Oracle ≫ Insurance Policy Administration Version11.2.8
Oracle ≫ Insurance Policy Administration Version11.3.0
Oracle ≫ Insurance Policy Administration Version11.3.1
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Primavera Unifier Version20.12
Oracle ≫ Utilities Testing Accelerator Version6.0.0.1.1
Oracle ≫ Utilities Testing Accelerator Version6.0.0.2.2
Oracle ≫ Utilities Testing Accelerator Version6.0.0.3.1
Oracle ≫ Webcenter Portal Version12.2.1.3.0
Oracle ≫ Webcenter Portal Version12.2.1.4.0
Oracle ≫ Communications Messaging Server Version8.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.509 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.