When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Feb 2023, 15:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:* |
|
First Time |
Oracle financial Services Crime And Compliance Management Studio
|
|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory |
25 Jul 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2022, 14:07
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle communications Diameter Intelligence Hub
Oracle healthcare Data Repository Oracle communications Cloud Native Core Automated Test Suite Oracle banking Treasury Management Oracle webcenter Portal Oracle flexcube Universal Banking Oracle banking Payments Oracle banking Trade Finance Oracle insurance Policy Administration Oracle communications Billing And Revenue Management |
|
CPE | cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:12.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:* |
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
01 Mar 2022, 17:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* |
|
First Time |
Oracle utilities Testing Accelerator
Oracle banking Apis Oracle communications Cloud Native Core Unified Data Repository Oracle communications Cloud Native Core Service Communication Proxy Oracle banking Digital Experience Oracle banking Party Management Oracle banking Enterprise Default Management Oracle business Process Management Suite Oracle communications Unified Inventory Management Oracle commerce Guided Search |
07 Feb 2022, 16:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2021, 14:26
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211022-0001/ - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E - Broken Link, Mailing List, Vendor Advisory |
22 Oct 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Oct 2021, 11:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Sep 2021, 12:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:drill:*:*:*:*:*:*:*:* | |
References |
|
|
References | (MLIST) https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Patch, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3Cissues.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3Cdev.drill.apache.org%3E - Mailing List, Vendor Advisory |
11 Aug 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Aug 2021, 07:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Aug 2021, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
27 Jul 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
26 Jul 2021, 11:24
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
References |
|
|
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/6 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/07/13/4 - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MISC) https://commons.apache.org/proper/commons-compress/security-reports.html - Vendor Advisory | |
References | (MISC) https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E - Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3Cnotifications.james.apache.org%3E - Mailing List, Patch, Vendor Advisory |
16 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jul 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Jul 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-13 08:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-36090
Mitre link : CVE-2021-36090
CVE.ORG link : CVE-2021-36090
JSON object : View
Products Affected
oracle
- communications_element_manager
- communications_cloud_native_core_unified_data_repository
- communications_diameter_intelligence_hub
- primavera_unifier
- webcenter_portal
- communications_cloud_native_core_service_communication_proxy
- communications_session_route_manager
- business_process_management_suite
- banking_enterprise_default_management
- communications_session_report_manager
- flexcube_universal_banking
- communications_cloud_native_core_automated_test_suite
- banking_trade_finance
- banking_digital_experience
- financial_services_crime_and_compliance_management_studio
- banking_payments
- communications_billing_and_revenue_management
- primavera_gateway
- communications_unified_inventory_management
- banking_platform
- banking_party_management
- healthcare_data_repository
- insurance_policy_administration
- utilities_testing_accelerator
- financial_services_enterprise_case_management
- peoplesoft_enterprise_peopletools
- banking_apis
- communications_messaging_server
- financial_services_analytical_applications_infrastructure
- banking_treasury_management
- commerce_guided_search
netapp
- oncommand_insight
- active_iq_unified_manager
apache
- commons_compress
CWE