CVE-2021-36373

Published Jul 14, 2021
Last updated a year ago
CVSS medium 5.5
Overview

Description: When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Source: security@apache.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 5.5
Impact score: 3.6
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM
CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-Other
security@apache.org: CWE-130
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C89ED6A3-3C13-4D67-A2B2-BF2A9FF9E03B",
            "versionEndExcluding": "1.9.16",
            "versionStartIncluding": "1.9.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87EE8429-8072-48A8-B406-3A8487A350B6",
            "versionEndExcluding": "1.10.11",
            "versionStartIncluding": "1.10.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21CC9E01-616E-411B-B0C7-DE6E599D3319"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F73C3A-A5C1-46F5-91E4-22F97A79E703",
            "versionEndIncluding": "8.1.1",
            "versionStartIncluding": "8.0.6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
            "versionEndIncluding": "11.3.1",
            "versionStartIncluding": "11.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
            "versionEndIncluding": "17.12.11",
            "versionStartIncluding": "17.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "301E7158-9090-467C-B3B4-30A8DB3B395D",
            "versionEndIncluding": "18.8.12",
            "versionStartIncluding": "18.8.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BBEFACB1-C8EA-492B-8F85-A564DB363C83",
            "versionEndIncluding": "19.12.11",
            "versionStartIncluding": "19.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
            "versionEndIncluding": "20.12.7",
            "versionStartIncluding": "20.12.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
            "versionEndIncluding": "17.12",
            "versionStartIncluding": "17.7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53"
          },
          {
            "criteria": "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C401E65A-8FA0-44E6-9AFC-6CC06498122F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F09182F-D0F2-41A7-A4AB-79099194B2CB"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "919DED83-2F88-4202-9556-5F4E5E1E6790"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97DD0665-C420-4F6F-AD1F-07674B13614E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1581DEE7-48C3-4832-B616-A25D9DD3E898"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77326E29-0F3C-4BF1-905F-FF89EB9A897A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1"
          },
          {
            "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
            "versionEndExcluding": "11.2.2.8.27"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
            "versionEndIncluding": "4.3.0.6.0",
            "versionStartIncluding": "4.3.0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
