CVE-2021-36374

Description

When reading a specially crafted ZIP archive, or one of the formats derived from it, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error even for small inputs. This can be used to disrupt builds that use Apache Ant. Commonly used ZIP-derived formats include JAR files and many office document formats. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected.
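The failure pattern behind this class of bug, shown on the ZIP container as an added example (illustrative Python written for this page, not Apache Ant's code, and it does not claim to reproduce the exact field Ant mis-handled): a reader that sizes its tables from the End of Central Directory counts lets a few header bytes dictate a huge reservation, so here every count and length is checked against the bytes actually present before it drives an allocation or a loop. The sample archive and its forged variant are constructed in memory.

```python
"""Bounded ZIP central-directory reader: added example, not Apache Ant code.
The hostile variant only edits the End of Central Directory (EOCD) record so it
declares far more entries and a far larger directory than the file holds."""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"
CEN_SIG = b"PK\x01\x02"
# EOCD: signature, this disk, CD start disk, entries on this disk,
#       total entries, CD size, CD offset, comment length (22 bytes)
EOCD = struct.Struct("<4sHHHHIIH")
# Central file header, fixed part (46 bytes); name/extra/comment follow it
CEN = struct.Struct("<4sHHHHHHIIIHHHHHII")
CEN_COMP_SIZE, CEN_NAME_LEN, CEN_EXTRA_LEN, CEN_COMMENT_LEN, CEN_LOCAL_OFF = 8, 10, 11, 12, 16


def build_sample_zip() -> bytes:
    """Constructed sample: a two-entry stored archive (not from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("build.xml", '<project name="demo"/>')
        zf.writestr("README", "hello")
    return buf.getvalue()


def locate_eocd(data: bytes) -> int:
    """Offset of the EOCD record; it sits within the last 22 + 65535 bytes."""
    start = max(0, len(data) - (EOCD.size + 0xFFFF))
    off = data.rfind(EOCD_SIG, start)
    if off < 0 or off + EOCD.size > len(data):
        raise ValueError("no End of Central Directory record")
    return off


def forge_eocd(data: bytes, total_entries: int, cd_size: int) -> bytes:
    """Constructed hostile variant: same length, but the EOCD now claims
    `total_entries` headers inside a `cd_size`-byte central directory."""
    off = locate_eocd(data)
    fields = list(EOCD.unpack_from(data, off))
    fields[4], fields[5] = total_entries, cd_size
    return data[:off] + EOCD.pack(*fields) + data[off + EOCD.size:]


def read_central_directory(data: bytes, max_entries: int = 100_000) -> list:
    """Return entry names, refusing any header that does not fit the file.
    A trusting reader would do `slots = [None] * total_entries` or
    `buf = bytearray(cd_size)` first; both sizes come from the attacker."""
    eocd_off = locate_eocd(data)
    (_sig, _disk, _cd_disk, _on_disk, total_entries,
     cd_size, cd_offset, comment_len) = EOCD.unpack_from(data, eocd_off)
    # Comment must end exactly at EOF; the directory must end by the EOCD.
    if eocd_off + EOCD.size + comment_len != len(data):
        raise ValueError("EOCD comment length inconsistent with file size")
    if cd_offset + cd_size > eocd_off:
        raise ValueError("central directory extends past the EOCD record")
    # Every header is at least CEN.size bytes, so the count is bounded by the
    # directory size; a policy ceiling catches legal-but-absurd archives.
    if total_entries > cd_size // CEN.size:
        raise ValueError("declared entry count cannot fit in the central directory")
    if total_entries > max_entries:
        raise ValueError("declared entry count exceeds policy limit")
    names = []
    pos, end = cd_offset, cd_offset + cd_size
    for _ in range(total_entries):
        if pos + CEN.size > end:
            raise ValueError("truncated central directory header")
        hdr = CEN.unpack_from(data, pos)
        if hdr[0] != CEN_SIG:
            raise ValueError("bad central directory signature")
        var_end = pos + CEN.size + hdr[CEN_NAME_LEN] + hdr[CEN_EXTRA_LEN] + hdr[CEN_COMMENT_LEN]
        if var_end > end:
            raise ValueError("variable-length fields overrun the central directory")
        # Entry data lives before the directory, so its declared size is bounded too.
        if hdr[CEN_LOCAL_OFF] + hdr[CEN_COMP_SIZE] > cd_offset:
            raise ValueError("entry data extends into the central directory")
        names.append(data[pos + CEN.size:pos + CEN.size + hdr[CEN_NAME_LEN]].decode("utf-8", "replace"))
        pos = var_end
    if pos != end:
        raise ValueError("central directory size does not match its headers")
    return names


def rejects(data: bytes) -> bool:
    """True if the bounded reader refuses `data` instead of parsing it."""
    try:
        read_central_directory(data)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sample = build_sample_zip()
    print("valid :", read_central_directory(sample))
    forged = forge_eocd(sample, total_entries=0xFFFF, cd_size=0xFFFFFFFF)
    print("forged:", len(forged), "bytes, rejected =", rejects(forged))
```

The forged file is the same size as the valid one; only the EOCD counts differ, which is why the check has to be on consistency between declared and present bytes rather than on input size. Real ZIP64 archives carry 64-bit counts in a separate record, so the same discipline applies there with larger fields.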

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.113

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are affected in Oracle WebLogic Server 12.2.1.4.0 | Windows
Multiple vulnerabilities are affected in Oracle WebLogic Server 14.1.1.0.0 | Windows
Vulnerabilities CVE-2021-36374, CVE-2021-36373 are fixed in Apache-ant 1.10.11 | Windows
Vulnerabilities CVE-2021-36374, CVE-2021-36373 are fixed in Apache-ant 1.9.16 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 20.0.0.2 | Windows
Multiple vulnerabilities are affected in Oracle Communications Order and Service Management 7.3 | Windows
Multiple vulnerabilities are affected in Oracle Communications Order and Service Management 7.4 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Controller 11.0.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 21.0.3.1 | Windows
Multiple Vulnerabilities are affected in IBM Business Automation Workflow 22.0.2 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2 | Windows
SUSE-SU-2022:1417-1 (SUSE Linux Enterprise Server 12-SP5) ant-1.9.4-3.9.1.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-jmf-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-jsch-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-antlr-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-junit-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-swing-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-manual-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-javadoc-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-jdepend-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-javamail-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-testutil-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-bsf-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-oro-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-bcel-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-commons-net-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-log4j-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-regexp-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-xalan2-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-apache-resolver-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS-2022-1880) ant-commons-logging-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
Vulnerabilities CVE-2021-36374, CVE-2021-36373 are fixed in Apache-ant for Linux 1.10.11 | Linux
Vulnerabilities CVE-2021-36374, CVE-2021-36373 are fixed in Apache-ant for Linux 1.9.16 | Linux
ant Security Update (ALAS2-2022-1880) ant-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-antlr-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-bcel-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-bsf-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-log4j-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-oro-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-regexp-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-resolver-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-apache-xalan2-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-commons-logging-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-commons-net-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-javadoc-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-javamail-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-jdepend-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-jmf-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-jsch-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-junit-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-manual-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-swing-1.9.16-1.amzn2.0.1.noarch.rpm | Linux
ant Security Update (ALAS2-2022-1880) ant-testutil-1.9.16-1.amzn2.0.1.noarch.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2021-36374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374