When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
28 Feb 2023, 15:22
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 14:07
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:12.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 17:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2021, 14:26
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E - Broken Link, Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:* |
22 Oct 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 12:31
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:apache:drill:*:*:*:*:*:*:*:* |
11 Aug 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Aug 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jul 2021, 11:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | NVD-CWE-Other | |
References |
|
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/6 - Mailing List, Third Party Advisory | |
References | (MISC) https://commons.apache.org/proper/commons-compress/security-reports.html - Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3Cnotifications.james.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/4 - Mailing List, Third Party Advisory |
16 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jul 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-13 08:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-36090
Mitre link : CVE-2021-36090
CVE.ORG link : CVE-2021-36090
JSON object : View
Products Affected
oracle
- communications_diameter_intelligence_hub
- banking_platform
- financial_services_crime_and_compliance_management_studio
- communications_billing_and_revenue_management
- webcenter_portal
- banking_digital_experience
- primavera_gateway
- communications_messaging_server
- communications_session_route_manager
- banking_treasury_management
- business_process_management_suite
- banking_payments
- peoplesoft_enterprise_peopletools
- financial_services_analytical_applications_infrastructure
- financial_services_enterprise_case_management
- communications_cloud_native_core_unified_data_repository
- banking_apis
- flexcube_universal_banking
- banking_party_management
- utilities_testing_accelerator
- communications_element_manager
- communications_session_report_manager
- banking_enterprise_default_management
- commerce_guided_search
- healthcare_data_repository
- insurance_policy_administration
- communications_cloud_native_core_automated_test_suite
- communications_cloud_native_core_service_communication_proxy
- communications_unified_inventory_management
- primavera_unifier
- banking_trade_finance
netapp
- active_iq_unified_manager
- oncommand_insight
apache
- commons_compress
CWE