Lucene search

[email protected]NVD:CVE-2021-35516

HistoryJul 13, 2021 - 8:15 a.m.

CVE-2021-35516

2021-07-1308:15:07

CWE-130

CWE-770

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.025 Low

EPSS

Percentile

90.2%

JSON

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress’ sevenz package.

Affected configurations

NVD

Node

apachecommons_compressRange1.6–1.20

Node

netappactive_iq_unified_managerMatch-linux

netappactive_iq_unified_managerMatch-vmware_vsphere

netappactive_iq_unified_managerMatch-windows

netapponcommand_insightMatch-

Node

oraclebanking_digital_experienceRange18.1–18.3

oraclebanking_digital_experienceMatch19.1

oraclebanking_digital_experienceMatch19.2

oraclebanking_digital_experienceMatch20.1

oraclebanking_digital_experienceMatch21.1

oraclebanking_enterprise_default_managementMatch2.7.0

oraclebanking_party_managementMatch2.7.0

oraclebusiness_process_management_suiteMatch12.2.1.3.0

oraclebusiness_process_management_suiteMatch12.2.1.4.0

oraclecommerce_guided_searchMatch11.3.2

oraclecommunications_billing_and_revenue_managementMatch12.0.0.4

oraclecommunications_cloud_native_core_automated_test_suiteMatch1.8.0

oraclecommunications_cloud_native_core_service_communication_proxyMatch1.14.0

oraclecommunications_cloud_native_core_unified_data_repositoryMatch1.14.0

oraclecommunications_diameter_intelligence_hubRange8.0.0–8.2.3

oraclecommunications_session_route_managerRange8.0.0–8.2.5

oraclefinancial_services_crime_and_compliance_management_studioMatch8.0.8.2.0

oraclefinancial_services_crime_and_compliance_management_studioMatch8.0.8.3.0

oraclefinancial_services_enterprise_case_managementMatch8.0.7.2.0

oraclefinancial_services_enterprise_case_managementMatch8.0.8.1.0

oracleflexcube_universal_bankingRange14.0.0–14.3.0

oracleflexcube_universal_bankingMatch12.4.0

oracleflexcube_universal_bankingMatch14.5

oraclehealthcare_data_repositoryMatch8.1.0

oracleinsurance_policy_administrationMatch11.0.2

oracleinsurance_policy_administrationMatch11.1.0

oracleinsurance_policy_administrationMatch11.2.8

oracleinsurance_policy_administrationMatch11.3.0

oracleinsurance_policy_administrationMatch11.3.1

oraclepeoplesoft_enterprise_peopletoolsMatch8.57

oraclepeoplesoft_enterprise_peopletoolsMatch8.58

oraclepeoplesoft_enterprise_peopletoolsMatch8.59

oracleprimavera_unifierRange17.7–17.12

oracleprimavera_unifierMatch18.8

oracleprimavera_unifierMatch19.12

oracleprimavera_unifierMatch20.12

oracleutilities_testing_acceleratorMatch6.0.0.1.1

oracleutilities_testing_acceleratorMatch6.0.0.2.2

oracleutilities_testing_acceleratorMatch6.0.0.3.1

oraclewebcenter_portalMatch12.2.1.3.0

oraclewebcenter_portalMatch12.2.1.4.0

oraclecommunications_messaging_serverMatch8.1

References

www.openwall.com/lists/oss-security/2021/07/13/2

commons.apache.org/proper/commons-compress/security-reports.html

lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3E

lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3E

lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3E

lists.apache.org/thread.html/rf5b1016fb15b7118b9a5e16bb0b78cb4f1dfcf7821eb137ab5757c91%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E

lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3E

security.netapp.com/advisory/ntap-20211022-0001/

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpujul2022.html

www.oracle.com/security-alerts/cpuoct2021.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.025 Low

EPSS

Percentile

90.2%

JSON

Related for NVD:CVE-2021-35516

cnvd1 osv2 ubuntucve1 cve1 debiancve1 github1 prion1 ibm25 veracode1 cvelist1 redhatcve1 suse2 nessus7 openvas4 mageia1 redhat2 oracle9