CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |

EPSS Percentile: 90.2%

When reading a specially crafted 7Z archive, Compress can be made to
allocate large amounts of memory that finally leads to an out of memory
error even for very small inputs. This could be used to mount a denial of
service attack against services that use Compress’ sevenz package.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 20.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 22.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 24.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 16.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2021/07/13/2
commons.apache.org/proper/commons-compress/security-reports.html
launchpad.net/bugs/cve/CVE-2021-35516
lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-35516
security-tracker.debian.org/tracker/CVE-2021-35516
www.cve.org/CVERecord?id=CVE-2021-35516