Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2021-35515

Published: 13/07/2021 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Commons Compress

Vulnerability Summary

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache commons compress

netapp oncommand insight -

netapp active iq unified manager -

oracle flexcube universal banking 12.4.0

oracle business process management suite 12.2.1.3.0

oracle peoplesoft enterprise peopletools 8.57

oracle primavera unifier 18.8

oracle primavera unifier

oracle banking digital experience 19.1

oracle flexcube universal banking

oracle peoplesoft enterprise peopletools 8.58

oracle primavera unifier 19.12

oracle banking digital experience 20.1

oracle primavera unifier 20.12

oracle business process management suite 12.2.1.4.0

oracle communications messaging server 8.1

oracle commerce guided search 11.3.2

oracle peoplesoft enterprise peopletools 8.59

oracle insurance policy administration 11.3.0

oracle insurance policy administration 11.0.2

oracle financial services enterprise case management 8.0.8.1.0

oracle financial services enterprise case management 8.0.7.2.0

oracle healthcare data repository 8.1.0

oracle communications session route manager

oracle banking party management 2.7.0

oracle utilities testing accelerator 6.0.0.2.2

oracle utilities testing accelerator 6.0.0.3.1

oracle utilities testing accelerator 6.0.0.1.1

oracle banking digital experience 21.1

oracle communications cloud native core unified data repository 1.14.0

oracle communications cloud native core service communication proxy 1.14.0

oracle communications cloud native core automated test suite 1.8.0

oracle communications billing and revenue management 12.0.0.4

oracle insurance policy administration 11.1.0

oracle insurance policy administration 11.3.1

oracle banking enterprise default management 2.7.0

oracle banking digital experience

oracle insurance policy administration 11.2.8

oracle banking payments 14.5

oracle banking trade finance 14.5

oracle banking treasury management 14.5

oracle flexcube universal banking 14.5.0

oracle communications diameter intelligence hub

oracle financial services crime and compliance management studio 8.0.8.2.0

oracle financial services crime and compliance management studio 8.0.8.3.0

Vendor Advisories

Debian CVElist Bug Report Logs: libcommons-compress-java: CVE-2021-36090 CVE-2021-35517 CVE-2021-35516 CVE-2021-35515
Debian Bug report logs - #991041 libcommons-compress-java: CVE-2021-36090 CVE-2021-35517 CVE-2021-35516 CVE-2021-35515 Package: src:libcommons-compress-java; Maintainer for src:libcommons-compress-java is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg ...
Red Hat: Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update
Synopsis Moderate: RHV Manager (ovirt-engine) [ovirt-451] security, bug fix and update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Updated ovirt-engine packages that fix several bugs and add various enhancements are ...
Red Hat: Important: Red Hat Fuse 7.11.0 release and security update
Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...
Red Hat: CVE-2021-35515
A flaw was found in apache-commons-compress When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop This flaw allows the mounting of a denial of service attack against services that use Compress' SevenZ package The highest threat from this vulnerability is to sys ...
Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Automation Director and Hitachi Ops Center Automator
Hitachi Automation Director and Hitachi Ops Center Automator contain the following vulnerabilities: CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090 Affected products and versions are listed below Please upgrade your version to the appropriate version To find fixed products, need to find same number following product name in [A ...

References

CWE-835https://commons.apache.org/proper/commons-compress/security-reports.htmlhttps://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2021/07/13/1https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://security.netapp.com/advisory/ntap-20211022-0001/https://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69%40%3Cannounce.apache.org%3Ehttps://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71%40%3Ccommits.pulsar.apache.org%3Ehttps://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c%40%3Cnotifications.skywalking.apache.org%3Ehttps://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b%40%3Cdev.poi.apache.org%3Ehttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991041https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-35515
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook