← Back

CVE-2021-35516

nvd nist
Published: Jul 13, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Affected (47)

Products: Apache: Commons Compress · Netapp: Active Iq Unified Manager, Oncommand Insight · Oracle: Banking Digital Experience, Banking Enterprise Default Management, Banking Party Management, Business Process Management Suite, Commerce Guided Search, Communications Billing And Revenue Management, Communications Cloud Native Core Automated Test Suite, Communications Cloud Native Core Service Communication Proxy, Communications Cloud Native Core Unified Data Repository, Communications Diameter Intelligence Hub, Communications Messaging Server, Communications Session Route Manager, Financial Services Crime And Compliance Management Studio, Financial Services Enterprise Case Management, Flexcube Universal Banking, Healthcare Data Repository, Insurance Policy Administration, Peoplesoft Enterprise Peopletools, Primavera Unifier, Utilities Testing Accelerator, Webcenter Portal
Apache
1 product
Commons Compress
Netapp
2 products
Active Iq Unified Manager
Oncommand Insight
Oracle
21 products
Banking Digital Experience
Banking Enterprise Default Management
Banking Party Management
Business Process Management Suite
Commerce Guided Search
Communications Billing And Revenue Management
Communications Cloud Native Core Automated Test Suite
Communications Cloud Native Core Service Communication Proxy
Communications Cloud Native Core Unified Data Repository
Communications Diameter Intelligence Hub
Communications Messaging Server
Communications Session Route Manager
Financial Services Crime And Compliance Management Studio
Financial Services Enterprise Case Management
Flexcube Universal Banking
Healthcare Data Repository
Insurance Policy Administration
Peoplesoft Enterprise Peopletools
Primavera Unifier
Utilities Testing Accelerator
Webcenter Portal
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Commons Compress
From 1.6 to 1.20
Configuration B
4 vulnerable
Vulnerable SoftwareAffected Versions
Netapp
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Active Iq Unified Manager
All versions
Oncommand Insight
All versions
Configuration C
42 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Banking Digital Experience
From 18.1 to 18.3
Banking Digital Experience
Version 19.1
Banking Digital Experience
Version 19.2
Banking Digital Experience
Version 20.1
Banking Digital Experience
Version 21.1
Banking Enterprise Default Management
Version 2.7.0
Banking Party Management
Version 2.7.0
Oracle
Business Process Management Suite
Version 12.2.1.3.0
Business Process Management Suite
Version 12.2.1.4.0
Commerce Guided Search
Version 11.3.2
Communications Billing And Revenue Management
Version 12.0.0.4
Communications Cloud Native Core Automated Test Suite
Version 1.8.0
Communications Cloud Native Core Service Communication Proxy
Version 1.14.0
Communications Cloud Native Core Unified Data Repository
Version 1.14.0
Communications Diameter Intelligence Hub
From 8.0.0 to 8.2.3
Communications Messaging Server
Version 8.1
Communications Session Route Manager
From 8.0.0 to 8.2.5
Oracle
Financial Services Crime And Compliance Management Studio
Version 8.0.8.2.0
Financial Services Crime And Compliance Management Studio
Version 8.0.8.3.0
Oracle
Financial Services Enterprise Case Management
Version 8.0.7.2.0
Financial Services Enterprise Case Management
Version 8.0.8.1.0
Oracle
Flexcube Universal Banking
From 14.0.0 to 14.3.0
Flexcube Universal Banking
Version 12.4.0
Flexcube Universal Banking
Version 14.5
Healthcare Data Repository
Version 8.1.0
Oracle
Insurance Policy Administration
Version 11.0.2
Insurance Policy Administration
Version 11.1.0
Insurance Policy Administration
Version 11.2.8
Insurance Policy Administration
Version 11.3.0
Insurance Policy Administration
Version 11.3.1
Oracle
Peoplesoft Enterprise Peopletools
Version 8.57
Peoplesoft Enterprise Peopletools
Version 8.58
Peoplesoft Enterprise Peopletools
Version 8.59
Oracle
Primavera Unifier
From 17.7 to 17.12
Primavera Unifier
Version 18.8
Primavera Unifier
Version 19.12
Primavera Unifier
Version 20.12
Oracle
Utilities Testing Accelerator
Version 6.0.0.1.1
Utilities Testing Accelerator
Version 6.0.0.2.2
Utilities Testing Accelerator
Version 6.0.0.3.1
Oracle
Webcenter Portal
Version 12.2.1.3.0
Webcenter Portal
Version 12.2.1.4.0

Related CWEs

CWE-130
Improper Handling of Length Parameter Inconsistency
The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (36)

Source: security@apache.org
Mailing ListThird Party Advisory
Source: security@apache.org
Vendor Advisory
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Source: security@apache.org
Mailing ListVendor Advisory
Source: security@apache.org
Source: security@apache.org
Third Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: security@apache.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.