Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-mc84-pj99-q6hh

Опубликовано: 02 авг. 2021
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

Improper Handling of Length Parameter Inconsistency in Compress

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Ссылки

Пакеты

Наименование

org.apache.commons:commons-compress

maven
Затронутые версииВерсия исправления

< 1.21

1.21

EPSS

Процентиль: 51%
0.00279
Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-36090

Дефекты

CWE-130

Связанные уязвимости

ubuntu логотип

CVE-2021-36090

CVSS3: 7.5
ubuntu
почти 4 года назад

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

redhat логотип

CVE-2021-36090

CVSS3: 7.5
redhat
почти 4 года назад

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

nvd логотип

CVE-2021-36090

CVSS3: 7.5
nvd
почти 4 года назад

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

debian логотип

CVE-2021-36090

CVSS3: 7.5
debian
почти 4 года назад

When reading a specially crafted ZIP archive, Compress can be made to ...

fstec логотип

BDU:2021-03966

CVSS3: 7.5
fstec
почти 4 года назад

Уязвимость службы сжатия архиватора Apache Commons Compress, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 51%
0.00279
Низкий

7.5 High

CVSS3

CVE ID

CVE-2021-36090

Дефекты

CWE-130