5.5
CVE-2021-36373
- EPSS 0.15%
- Published 14.07.2021 07:15:08
- Last modified 21.11.2024 06:13:37
- Source security@apache.org
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Data provided by the National Vulnerability Database (NVD)
Oracle ≫ Banking Trade Finance Version 14.5
Oracle ≫ Banking Treasury Management Version 14.5
Oracle ≫ Communications Cloud Native Core Automated Test Suite Version 1.9.0
Oracle ≫ Communications Cloud Native Core Binding Support Function Version 1.11.0
Oracle ≫ Communications Order And Service Management Version 7.3
Oracle ≫ Communications Order And Service Management Version 7.4
Oracle ≫ Communications Unified Inventory Management Version 7.3.0
Oracle ≫ Communications Unified Inventory Management Version 7.4.0
Oracle ≫ Communications Unified Inventory Management Version 7.4.1
Oracle ≫ Communications Unified Inventory Management Version 7.4.2
Oracle ≫ Communications Unified Inventory Management Version 7.5.0
Oracle ≫ Enterprise Repository Version 11.1.1.7.0
Oracle ≫ Financial Services Analytical Applications Infrastructure Version >= 8.0.6 <= 8.1.1
Oracle ≫ Insurance Policy Administration Version >= 11.0 <= 11.3.1
Oracle ≫ Primavera Gateway Version >= 17.12.0 <= 17.12.11
Oracle ≫ Primavera Gateway Version >= 18.8.0 <= 18.8.12
Oracle ≫ Primavera Gateway Version >= 19.12.0 <= 19.12.11
Oracle ≫ Primavera Gateway Version >= 20.12.0 <= 20.12.7
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version 18.8
Oracle ≫ Primavera Unifier Version 19.12
Oracle ≫ Primavera Unifier Version 20.12
Oracle ≫ Real-time Decision Server Version 3.2.0.0
Oracle ≫ Real-time Decision Server Version 11.1.1.9.0
Oracle ≫ Retail Advanced Inventory Planning Version 14.1
Oracle ≫ Retail Advanced Inventory Planning Version 15.0
Oracle ≫ Retail Advanced Inventory Planning Version 16.0
Oracle ≫ Retail Back Office Version 14.0
Oracle ≫ Retail Back Office Version 14.1
Oracle ≫ Retail Bulk Data Integration Version 16.0.3.0
Oracle ≫ Retail Bulk Data Integration Version 19.0.1
Oracle ≫ Retail Central Office Version 14.0
Oracle ≫ Retail Central Office Version 14.1
Oracle ≫ Retail Eftlink Version 19.0.1
Oracle ≫ Retail Eftlink Version 20.0.1
Oracle ≫ Retail Extract Transform And Load Version 13.2.8
Oracle ≫ Retail Financial Integration Version 14.1.3.2
Oracle ≫ Retail Financial Integration Version 15.0.4.0
Oracle ≫ Retail Financial Integration Version 16.0.3.0
Oracle ≫ Retail Integration Bus Version 14.1.3.2
Oracle ≫ Retail Integration Bus Version 15.0.4.0
Oracle ≫ Retail Integration Bus Version 16.0.3.0
Oracle ≫ Retail Integration Bus Version 19.0.1.0
Oracle ≫ Retail Invoice Matching Version 16.0.3
Oracle ≫ Retail Merchandising System Version 19.0.1
Oracle ≫ Retail Point-of-service Version 14.0
Oracle ≫ Retail Point-of-service Version 14.1
Oracle ≫ Retail Predictive Application Server Version 14.1.3
Oracle ≫ Retail Predictive Application Server Version 15.0.3
Oracle ≫ Retail Predictive Application Server Version 16.0.3.0
Oracle ≫ Retail Service Backbone Version 14.1.3.2
Oracle ≫ Retail Service Backbone Version 15.0.4.0
Oracle ≫ Retail Service Backbone Version 16.0.3.0
Oracle ≫ Retail Service Backbone Version 19.0.1.0
Oracle ≫ Retail Store Inventory Management Version 14.1
Oracle ≫ Retail Store Inventory Management Version 15.0
Oracle ≫ Retail Store Inventory Management Version 16.0
Oracle ≫ Retail Xstore Point Of Service Version 16.0.6
Oracle ≫ Retail Xstore Point Of Service Version 17.0.4
Oracle ≫ Retail Xstore Point Of Service Version 18.0.3
Oracle ≫ Retail Xstore Point Of Service Version 19.0.2
Oracle ≫ Retail Xstore Point Of Service Version 20.0.1
Oracle ≫ Timesten In-memory Database Version < 11.2.2.8.27
Oracle ≫ Utilities Framework Version >= 4.3.0.1.0 <= 4.3.0.6.0
Oracle ≫ Utilities Framework Version 4.2.0.2.0
Oracle ≫ Utilities Framework Version 4.2.0.3.0
Oracle ≫ Utilities Framework Version 4.4.0.0.0
Oracle ≫ Utilities Framework Version 4.4.0.2.0
Oracle ≫ Utilities Framework Version 4.4.0.3.0
Oracle ≫ Utilities Testing Accelerator Version 6.0.0.1.1
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.15% | 0.358 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:N/I:N/A:P |
CWE-130 Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.