CVE-2021-36374
Severity
5.5MEDIUM
EPSS
0.1%
top 65.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 14
Latest updateApr 15
Description
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages39 packages
Patches
🔴Vulnerability Details
4OSV▶
CVE-2021-36374: When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to↗2021-07-14
📋Vendor Advisories
12Oracle▶
Oracle Oracle Fusion Middleware Risk Matrix: Centralized Thirdparty Jars (Apache Ant) — CVE-2021-36374↗2023-10-15
Oracle
▶
Oracle▶
Oracle Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (Apache Ant) — CVE-2021-36374↗2023-04-15
Oracle▶
Oracle Oracle Retail Applications Risk Matrix: Installation (Apache Ant) — CVE-2021-36374↗2022-10-15