CVE-2021-36373

Published: 14/07/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory, which finally leads to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant versions before 1.9.16 and 1.10.11 were affected.

Vulnerable Product

apache ant

oracle retail store inventory management 14.1

oracle enterprise repository 11.1.1.7.0

oracle retail back office 14.1

oracle retail back office 14.0

oracle utilities framework 4.2.0.3.0

oracle utilities framework 4.2.0.2.0

oracle retail central office 14.0

oracle retail central office 14.1

oracle primavera unifier 18.8

oracle retail point-of-service 14.1

oracle retail point-of-service 14.0

oracle retail predictive application server 15.0.3

oracle primavera unifier

oracle utilities framework 4.4.0.0.0

oracle agile plm 9.3.6

oracle communications unified inventory management 7.4.0

oracle retail store inventory management 16.0

oracle primavera unifier 19.12

oracle utilities framework

oracle utilities framework 4.4.0.2.0

oracle communications unified inventory management 7.3.0

oracle retail advanced inventory planning 14.1

oracle retail bulk data integration 16.0.3.0

oracle retail predictive application server 16.0.3.0

oracle primavera unifier 20.12

oracle communications order and service management 7.4

oracle communications unified inventory management 7.4.1

oracle retail xstore point of service 16.0.6

oracle retail xstore point of service 17.0.4

oracle retail xstore point of service 18.0.3

oracle retail xstore point of service 19.0.2

oracle retail xstore point of service 20.0.1

oracle retail service backbone 14.1.3.2

oracle primavera gateway

oracle utilities framework 4.4.0.3.0

oracle financial services analytical applications infrastructure

oracle insurance policy administration

oracle real-time decision server 3.2.0.0

oracle retail service backbone 15.0.4.0

oracle retail service backbone 16.0.3.0

oracle retail service backbone 19.0.1.0

oracle retail merchandising system 19.0.1

oracle retail integration bus 14.1.3.2

oracle retail integration bus 15.0.4.0

oracle retail integration bus 16.0.3.0

oracle retail store inventory management 15.0

oracle retail integration bus 19.0.1.0

oracle retail predictive application server 14.1.3

oracle retail financial integration 14.1.3.2

oracle retail financial integration 15.0.4.0

oracle retail financial integration 16.0.3.0

oracle retail extract transform and load 13.2.8

oracle retail bulk data integration 19.0.1

oracle retail advanced inventory planning 15.0

oracle retail advanced inventory planning 16.0

oracle real-time decision server 11.1.1.9.0

oracle retail eftlink 19.0.1

oracle communications order and service management 7.3

oracle utilities testing accelerator 6.0.0.1.1

oracle retail invoice matching 16.0.3

oracle retail eftlink 20.0.1

oracle communications unified inventory management 7.4.2

oracle communications unified inventory management 7.5.0

oracle timesten in-memory database

oracle communications cloud native core automated test suite 1.9.0

oracle communications cloud native core binding support function 1.11.0

oracle banking trade finance 14.5

oracle banking treasury management 14.5

Vendor Advisories

Synopsis: Moderate: Red Hat Process Automation Manager 7130 security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...

When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected ...

When reading a specially crafted TAR archive, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-36373: Apache Ant TAR archive denial of service vulnerability ...