CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS
Percentile: 86.5%

When reading a specially crafted ZIP archive, Compress can be made to
allocate large amounts of memory, which eventually leads to an out-of-memory
error even for very small inputs. This could be used to mount a denial of
service attack against services that use Compress’ zip package.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 20.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 22.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 24.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
ubuntu | 16.04 | noarch | libcommons-compress-java | < any | UNKNOWN |
www.openwall.com/lists/oss-security/2021/07/13/4
www.openwall.com/lists/oss-security/2021/07/13/6
commons.apache.org/proper/commons-compress/security-reports.html
launchpad.net/bugs/cve/CVE-2021-36090
lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E
lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-36090
security-tracker.debian.org/tracker/CVE-2021-36090
www.cve.org/CVERecord?id=CVE-2021-36090