CVE-2021-36374

Published: 13 Jul 2021
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

Report

OpenShift Container Platform 4 (OCP) ships an affected version of Apache Ant in the ose-metering-hive container; however, the metering operator has been deprecated since 4.6 [1]. This issue is not currently planned to be addressed in future updates, and hence the ose-metering-hive container has been marked as 'will not fix'.

[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html

Affected packages

| Platform | Package | Status | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat BPM Suite 6 | ant | Out of support scope | | |
| Red Hat CodeReady Studio 12 | ant | Fix deferred | | |
| Red Hat Decision Manager 7 | ant | Affected | | |
| Red Hat Enterprise Linux 6 | ant | Out of support scope | | |
| Red Hat Enterprise Linux 7 | ant | Out of support scope | | |
| Red Hat Enterprise Linux 8 | ant:1.10/ant | Fix deferred | | |
| Red Hat Enterprise Linux 9 | ant | Affected | | |
| Red Hat Fuse 7 | ant | Will not fix | | |
| Red Hat Integration Camel K 1 | ant | Fix deferred | | |
| Red Hat JBoss BRMS 6 | ant | Out of support scope | | |

Additional information

Status: Low
Defect: CWE-770
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1982331 (ant: excessive memory allocation when reading a specially crafted ZIP archive or a derived formats)

EPSS: 0.00113 (Low), percentile: 30%

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 4 years ago

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

CVSS3: 5.5
nvd
more than 4 years ago

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives are, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.

CVSS3: 5.5
msrc
more than 4 years ago

No description available

CVSS3: 5.5
debian
more than 4 years ago

When reading a specially crafted ZIP archive, or a derived format, an ...

CVSS3: 5.5
github
more than 4 years ago

Improper Handling of Length Parameter Inconsistency in Apache Ant
