Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-35517

Опубликовано: 13 июл. 2021
Источник: debian

Описание

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libcommons-compress-javafixed1.21-1package
libcommons-compress-javano-dsabullseyepackage
libcommons-compress-javano-dsabusterpackage
libcommons-compress-javano-dsastretchpackage

Примечания

  • https://www.openwall.com/lists/oss-security/2021/07/13/3

  • https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650

  • https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0

  • https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f

Связанные уязвимости

ubuntu логотип

CVE-2021-35517

CVSS3: 7.5
ubuntu
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

redhat логотип

CVE-2021-35517

CVSS3: 7.5
redhat
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

nvd логотип

CVE-2021-35517

CVSS3: 7.5
nvd
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

github логотип

GHSA-xqfj-vm6h-2x34

CVSS3: 7.5
github
почти 4 года назад

Improper Handling of Length Parameter Inconsistency in Compress

fstec логотип

BDU:2021-04206

CVSS3: 5.3
fstec
почти 4 года назад

Уязвимость архиватора Apache Commons Compress, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании