Description
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Report
OpenShift Container Platform 4 (OCP) ships an affected version of Apache Ant in the ose-metering-hive container; however, the metering operator has been deprecated since 4.6 [1]. This issue is not currently planned to be addressed in future updates, and hence the ose-metering-hive container has been marked as 'will not fix'. [1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | ant | Out of support scope | | |
| Red Hat CodeReady Studio 12 | ant | Fix deferred | | |
| Red Hat Enterprise Linux 6 | ant | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ant | Out of support scope | | |
| Red Hat Enterprise Linux 8 | ant:1.10/ant | Fix deferred | | |
| Red Hat Enterprise Linux 9 | ant | Will not fix | | |
| Red Hat Fuse 7 | ant | Fix deferred | | |
| Red Hat Integration Camel K 1 | ant | Fix deferred | | |
| Red Hat JBoss BRMS 6 | ant | Out of support scope | | |
| Red Hat JBoss Data Virtualization 6 | ant | Not affected | | |
Additional information
Status:
EPSS
CVSS3: 5.5 Medium
Related vulnerabilities
Improper Handling of Length Parameter Inconsistency in Apache Ant