CVE-2021-36090

EPSS 0.28%
Published 13.07.2021 08:15:07
Last modified 21.11.2024 06:13:08
Source security@apache.org
Teams watchlist Login
Open Login

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Affected products Warnungen 0 Metrics 3 CWE 1 References 37

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Commons Compress Version >= 1.0 < 1.21

Oracle ≫ Banking Apis Version >= 18.1 <= 18.3

Oracle ≫ Banking Apis Version19.1

Oracle ≫ Banking Apis Version19.2

Oracle ≫ Banking Apis Version20.1

Oracle ≫ Banking Apis Version21.1

Oracle ≫ Banking Digital Experience Version >= 18.1 <= 18.3

Oracle ≫ Banking Digital Experience Version19.1

Oracle ≫ Banking Digital Experience Version19.2

Oracle ≫ Banking Digital Experience Version20.1

Oracle ≫ Banking Digital Experience Version21.1

Oracle ≫ Banking Enterprise Default Management Version2.7.0

Oracle ≫ Banking Party Management Version2.7.0

Oracle ≫ Banking Payments Version14.5

Oracle ≫ Banking Platform Version2.6.2

Oracle ≫ Banking Platform Version2.7.1

Oracle ≫ Banking Platform Version2.9.0

Oracle ≫ Banking Platform Version2.12.0

Oracle ≫ Banking Trade Finance Version14.5

Oracle ≫ Banking Treasury Management Version14.5

Oracle ≫ Business Process Management Suite Version12.2.1.3.0

Oracle ≫ Business Process Management Suite Version12.2.1.4.0

Oracle ≫ Commerce Guided Search Version11.3.2

Oracle ≫ Communications Billing And Revenue Management Version12.0.0.4

Oracle ≫ Communications Cloud Native Core Automated Test Suite Version1.8.0

Oracle ≫ Communications Cloud Native Core Service Communication Proxy Version1.14.0

Oracle ≫ Communications Cloud Native Core Unified Data Repository Version1.14.0

Oracle ≫ Communications Diameter Intelligence Hub Version >= 8.0.0 <= 8.2.3

Oracle ≫ Communications Diameter Intelligence Hub Version8.2.3

Oracle ≫ Communications Element Manager Version >= 8.2.0 <= 8.2.4.0

Oracle ≫ Communications Session Report Manager Version >= 8.2.0 <= 8.2.5.0

Oracle ≫ Communications Session Route Manager Version >= 8.0.0 <= 8.2.5.0

Oracle ≫ Communications Unified Inventory Management Version7.4.0

Oracle ≫ Communications Unified Inventory Management Version7.4.1

Oracle ≫ Communications Unified Inventory Management Version7.4.2

Oracle ≫ Communications Unified Inventory Management Version7.5.0

Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.1.1

Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.2.0

Oracle ≫ Financial Services Crime And Compliance Management Studio Version8.0.8.3.0

Oracle ≫ Financial Services Enterprise Case Management

Oracle ≫ Financial Services Enterprise Case Management Version8.0.7.2.0

Oracle ≫ Financial Services Enterprise Case Management Version8.0.8.1.0

Oracle ≫ Flexcube Universal Banking Version >= 14.0.0 <= 14.3.0

Oracle ≫ Flexcube Universal Banking Version12.4

Oracle ≫ Flexcube Universal Banking Version14.5

Oracle ≫ Healthcare Data Repository Version8.1.0

Oracle ≫ Insurance Policy Administration Version11.0.2

Oracle ≫ Insurance Policy Administration Version11.1.0

Oracle ≫ Insurance Policy Administration Version11.2.8

Oracle ≫ Insurance Policy Administration Version11.3.0

Oracle ≫ Insurance Policy Administration Version11.3.1

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.57

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58

Oracle ≫ Peoplesoft Enterprise Peopletools Version8.59

Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11

Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12

Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11

Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7

Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12

Oracle ≫ Primavera Unifier Version18.8

Oracle ≫ Primavera Unifier Version19.12

Oracle ≫ Primavera Unifier Version20.12

Oracle ≫ Utilities Testing Accelerator Version6.0.0.1.1

Oracle ≫ Utilities Testing Accelerator Version6.0.0.2.2

Oracle ≫ Utilities Testing Accelerator Version6.0.0.3.1

Oracle ≫ Webcenter Portal Version12.2.1.3.0

Oracle ≫ Webcenter Portal Version12.2.1.4.0

Oracle ≫ Communications Messaging Server Version8.1

Netapp ≫ Active Iq Unified Manager Version- SwPlatformlinux

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Active Iq Unified Manager Version- SwPlatformwindows

Netapp ≫ Oncommand Insight Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.483

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-130 Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://commons.apache.org/proper/commons-compress/security-reports.html