Attacker Value
Unknown
CVE-2021-36374
CVE-2021-36374
(Last updated November 08, 2023) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
5.5 Medium
Impact Score:
3.6
Exploitability Score:
1.8
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Unchanged
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High
General Information
Vendors
- apache,
- oracle
Products
- agile engineering data management 6.2.1.0,
- agile plm 9.3.6,
- ant,
- banking trade finance 14.5,
- banking treasury management 14.5,
- communications cloud native core automated test suite 1.9.0,
- communications cloud native core binding support function 1.11.0,
- communications diameter intelligence hub,
- communications order and service management 7.3,
- communications order and service management 7.4,
- communications unified inventory management 7.3.0,
- communications unified inventory management 7.4.0,
- communications unified inventory management 7.4.1,
- communications unified inventory management 7.4.2,
- communications unified inventory management 7.5.0,
- enterprise repository 11.1.1.7.0,
- financial services analytical applications infrastructure,
- health sciences information manager,
- health sciences information manager 3.0.0.1,
- insurance policy administration,
- primavera gateway,
- primavera unifier,
- primavera unifier 18.8,
- primavera unifier 19.12,
- primavera unifier 20.12,
- product lifecycle analytics 3.6.1,
- real-time decision server 11.1.1.9.0,
- real-time decision server 3.2.0.0,
- retail advanced inventory planning 14.1,
- retail advanced inventory planning 15.0,
- retail advanced inventory planning 16.0,
- retail back office 14.0,
- retail back office 14.1,
- retail bulk data integration 16.0.3.0,
- retail bulk data integration 19.0.1,
- retail central office 14.0,
- retail central office 14.1,
- retail eftlink 19.0.1,
- retail eftlink 20.0.1,
- retail extract transform and load 13.2.8,
- retail financial integration 14.1.3.2,
- retail financial integration 15.0.4.0,
- retail financial integration 16.0.3.0,
- retail integration bus 14.1.3.2,
- retail integration bus 15.0.4.0,
- retail integration bus 16.0.3.0,
- retail integration bus 19.0.1.0,
- retail invoice matching 16.0.3,
- retail merchandising system 19.0.1,
- retail point-of-service 14.0,
- retail point-of-service 14.1,
- retail predictive application server 14.1.3,
- retail predictive application server 15.0.3,
- retail predictive application server 16.0.3.0,
- retail service backbone 14.1.3.2,
- retail service backbone 15.0.4.0,
- retail service backbone 16.0.3.0,
- retail service backbone 19.0.1.0,
- retail store inventory management 14.1,
- retail store inventory management 15.0,
- retail store inventory management 16.0,
- retail xstore point of service 16.0.6,
- retail xstore point of service 17.0.4,
- retail xstore point of service 18.0.3,
- retail xstore point of service 19.0.2,
- retail xstore point of service 20.0.1,
- timesten in-memory database,
- utilities framework,
- utilities framework 4.2.0.2.0,
- utilities framework 4.2.0.3.0,
- utilities framework 4.4.0.0.0,
- utilities framework 4.4.0.2.0,
- utilities framework 4.4.0.3.0,
- utilities testing accelerator 6.0.0.1.1
References
Advisory
