7.5
CVSSv3

CVE-2021-35515

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00849 | KEV: Not Included
Published: 13/07/2021 Updated: 21/11/2024

Vulnerability Summary

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache commons compress

netapp active iq unified manager -

netapp oncommand insight -

oracle banking digital experience

oracle banking digital experience 19.1

oracle banking digital experience 20.1

oracle banking digital experience 21.1

oracle banking enterprise default management 2.7.0

oracle banking party management 2.7.0

oracle banking payments 14.5

oracle banking trade finance 14.5

oracle banking treasury management 14.5

oracle business process management suite 12.2.1.3.0

oracle business process management suite 12.2.1.4.0

oracle commerce guided search 11.3.2

oracle communications billing and revenue management 12.0.0.4

oracle communications cloud native core automated test suite 1.8.0

oracle communications cloud native core service communication proxy 1.14.0

oracle communications cloud native core unified data repository 1.14.0

oracle communications diameter intelligence hub

oracle communications session route manager

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

oracle financial services enterprise case management 8.0.7.2.0

oracle financial services enterprise case management 8.0.8.1.0

oracle flexcube universal banking

oracle flexcube universal banking 12.4.0

oracle flexcube universal banking 14.5.0

oracle healthcare data repository 8.1.0

oracle insurance policy administration 11.0.2

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.2.8

oracle insurance policy administration 11.3.0

oracle insurance policy administration 11.3.1

oracle peoplesoft enterprise peopletools 8.57

oracle peoplesoft enterprise peopletools 8.58

oracle peoplesoft enterprise peopletools 8.59

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle utilities testing accelerator 6.0.0.1.1

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle communications messaging server 8.1

Vendor Advisories

Debian Bug report logs - #991041 libcommons-compress-java: CVE-2021-36090 CVE-2021-35517 CVE-2021-35516 CVE-2021-35515 Package: src:libcommons-compress-java; Maintainer for src:libcommons-compress-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg ...
Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-451] security, bug fix and update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are ...
Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...
A flaw was found in apache-commons-compress When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop This flaw allows the mounting of a denial of service attack against services that use Compress' SevenZ package The highest threat from this vulnerability is to sys ...
Hitachi Automation Director and Hitachi Ops Center Automator contain the following vulnerabilities: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 Affected products and versions are listed below Please upgrade your version to the appropriate version To find fixed products, need to find same number following product name in [A ...

Mailing Lists

Severity: low Description: When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop This could be used to mount a denial of service attack against services that use Compress' sevenz package Mitigation: Commons Compress users should upgrade to 121 or later ...

References

CWE-834CWE-835https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041https://nvd.nist.govhttps://www.first.org/epsshttp://www.openwall.com/lists/oss-security/2021/07/13/1https://commons.apache.org/proper/commons-compress/security-reports.htmlhttps://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3Ehttps://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3Ehttps://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20211022-0001/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttp://www.openwall.com/lists/oss-security/2021/07/13/1https://commons.apache.org/proper/commons-compress/security-reports.htmlhttps://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3Ehttps://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3Ehttps://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3Ehttps://security.netapp.com/advisory/ntap-20211022-0001/https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html