When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Feb 2023, 15:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle financial Services Crime And Compliance Management Studio
|
|
CPE | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* |
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Apr 2022, 19:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:* |
|
First Time |
Oracle healthcare Data Repository
Oracle communications Billing And Revenue Management Oracle insurance Policy Administration Oracle flexcube Universal Banking Oracle communications Cloud Native Core Automated Test Suite Oracle banking Trade Finance Oracle banking Payments Oracle communications Diameter Intelligence Hub Oracle banking Treasury Management |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CWE | CWE-835 |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 18:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle utilities Testing Accelerator
Oracle communications Cloud Native Core Unified Data Repository Oracle communications Cloud Native Core Service Communication Proxy Oracle banking Digital Experience Oracle banking Party Management Oracle banking Enterprise Default Management Oracle business Process Management Suite Oracle commerce Guided Search |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Dec 2021, 20:14
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E - Mailing List, Vendor Advisory | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E - Exploit, Mailing List, Vendor Advisory | |
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* |
22 Oct 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Aug 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jul 2021, 11:57
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-834 | |
References |
|
|
References | (MISC) https://commons.apache.org/proper/commons-compress/security-reports.html - Vendor Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/1 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E - Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E - Vendor Advisory | |
CPE | cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
16 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-13 08:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-35515
Mitre link : CVE-2021-35515
CVE.ORG link : CVE-2021-35515
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_unified_data_repository
- communications_diameter_intelligence_hub
- primavera_unifier
- communications_cloud_native_core_service_communication_proxy
- communications_session_route_manager
- business_process_management_suite
- banking_enterprise_default_management
- flexcube_universal_banking
- communications_cloud_native_core_automated_test_suite
- banking_trade_finance
- banking_digital_experience
- financial_services_crime_and_compliance_management_studio
- banking_payments
- communications_billing_and_revenue_management
- banking_party_management
- healthcare_data_repository
- insurance_policy_administration
- utilities_testing_accelerator
- financial_services_enterprise_case_management
- peoplesoft_enterprise_peopletools
- communications_messaging_server
- banking_treasury_management
- commerce_guided_search
netapp
- oncommand_insight
- active_iq_unified_manager
apache
- commons_compress