Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-crv7-7245-f45f

Опубликовано: 02 авг. 2021
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

Improper Handling of Length Parameter Inconsistency in Compress

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Ссылки

Пакеты

Наименование

org.apache.commons:commons-compress

maven
Затронутые версииВерсия исправления

< 1.21

1.21

EPSS

Процентиль: 80%
0.01402
Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-35516

Дефекты

CWE-130
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2021-35516

CVSS3: 7.5
ubuntu
больше 4 лет назад

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

redhat логотип

CVE-2021-35516

CVSS3: 7.5
redhat
больше 4 лет назад

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

nvd логотип

CVE-2021-35516

CVSS3: 7.5
nvd
больше 4 лет назад

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

debian логотип

CVE-2021-35516

CVSS3: 7.5
debian
больше 4 лет назад

When reading a specially crafted 7Z archive, Compress can be made to a ...

fstec логотип

BDU:2021-03965

CVSS3: 7.5
fstec
больше 4 лет назад

Уязвимость программного пакета sevenz архиватора Apache Commons Compress, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 80%
0.01402
Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-35516

Дефекты

CWE-130
CWE-770