Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-35517

Опубликовано: 13 июл. 2021
Источник: nvd
CVSS3: 7.5
CVSS2: 5
EPSS Низкий

Описание

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:*
Версия от 1.1 (включая) до 1.20 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*
Версия от 18.1 (включая) до 18.3 (включая)
cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*
Версия от 18.1 (включая) до 18.3 (включая)
cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.2.3 (включая)
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
Версия от 8.0.0 (включая) до 8.2.5 (включая)
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*
Версия от 14.0.0 (включая) до 14.3.0 (включая)
cpe:2.3:a:oracle:flexcube_universal_banking:12.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*
cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Версия от 17.7 (включая) до 17.12 (включая)
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00314
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-130
CWE-770

Связанные уязвимости

ubuntu логотип

CVE-2021-35517

CVSS3: 7.5
ubuntu
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

redhat логотип

CVE-2021-35517

CVSS3: 7.5
redhat
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package.

debian логотип

CVE-2021-35517

CVSS3: 7.5
debian
почти 4 года назад

When reading a specially crafted TAR archive, Compress can be made to ...

github логотип

GHSA-xqfj-vm6h-2x34

CVSS3: 7.5
github
почти 4 года назад

Improper Handling of Length Parameter Inconsistency in Compress

fstec логотип

BDU:2021-04206

CVSS3: 5.3
fstec
почти 4 года назад

Уязвимость архиватора Apache Commons Compress, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 54%
0.00314
Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-130
CWE-770