CVE-2021-35516

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Link	Resource
https://commons.apache.org/proper/commons-compress/security-reports.html	Vendor Advisory
https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2021/07/13/2	Mailing List Third Party Advisory
https://lists.apache.org/thread.html/rf5b1016fb15b7118b9a5e16bb0b78cb4f1dfcf7821eb137ab5757c91@%3Cannounce.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E	Exploit Mailing List
https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E	Mailing List Vendor Advisory
https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E	Mailing List Patch
https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E	Mailing List Vendor Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html	Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0001/	Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html

Configuration 1

cpe:2.3:a:apache:commons_compress:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:* cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:11.2.8:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*

---

Published : 2021-07-13 08:15

Updated : 2022-07-25 06:15

---

NVD link : CVE-2021-35516

Mitre link : CVE-2021-35516

No products.

CWE-770