CVSS3: 5.5 Medium (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: HIGH
CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL
EPSS: 0.001 Low (Percentile: 42.8%)
Severity: Low
Date : 2021-07-20
CVE-ID : CVE-2021-36373 CVE-2021-36374
Package : ant
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-2151
The package ant before version 1.10.11-1 is vulnerable to denial of
service.
Upgrade to 1.10.11-1.
The problems have been fixed upstream in version 1.10.11.
Workaround: None.
When reading a specially crafted TAR archive, Apache Ant before version
1.10.11 can be made to allocate large amounts of memory, which
eventually leads to an out-of-memory error, even for small inputs. This
can be used to disrupt builds using Apache Ant.

When reading a specially crafted ZIP archive, or a derived format,
Apache Ant before version 1.10.11 can be made to allocate large amounts
of memory, which leads to an out-of-memory error, even for small inputs.
This can be used to disrupt builds using Apache Ant.
A crafted TAR or ZIP archive could consume large amounts of memory,
leading to denial of service.
https://www.openwall.com/lists/oss-security/2021/07/13/5
https://github.com/apache/ant/commit/6594a2d66f7f060dafcbbf094dd60676db19a842
https://www.openwall.com/lists/oss-security/2021/07/13/6
https://security.archlinux.org/CVE-2021-36373
https://security.archlinux.org/CVE-2021-36374