CVE-2021-35516
published 2021-07-13


High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Affected

46 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| apache | commons_compress | 1.6 – 1.20 | |
| apache_software_foundation | apache_commons_compress | >= 1.6 < Apache Commons Compress* | Apache Commons Compress* |
| atlassian | confluence_data_center | | |
| debian | libcommons-compress-java | < libcommons-compress-java 1.21-1 (bookworm) | libcommons-compress-java 1.21-1 (bookworm) |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | | |
| oracle | banking_digital_experience | 18.1 – 18.3 | |
| oracle | banking_enterprise_default_management | | |
| oracle | banking_party_management | | |
| oracle | business_process_management_suite | | |
| oracle | business_process_management_suite | | |
| oracle | commerce_guided_search | | |
| oracle | communications_billing_and_revenue_management | | |
| oracle | communications_cloud_native_core_automated_test_suite | | |
| oracle | communications_cloud_native_core_service_communication_proxy | | |
| oracle | communications_cloud_native_core_unified_data_repository | | |
| oracle | communications_diameter_intelligence_hub | 8.0.0 – 8.2.3 | |
| oracle | communications_messaging_server | | |
| oracle | communications_session_route_manager | 8.0.0 – 8.2.5 | |
| oracle | financial_services_crime_and_compliance_management_studio | | |
| oracle | financial_services_crime_and_compliance_management_studio | | |
| oracle | financial_services_enterprise_case_management | | |
| oracle | financial_services_enterprise_case_management | | |

CVSS provenance

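| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |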