CVEDB API

Vulnerability Details CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.4%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2021-35515

Apache » Commons Compress » Version: 1.10

cpe:2.3:a:apache:commons_compress:1.10
Apache » Commons Compress » Version: 1.11

cpe:2.3:a:apache:commons_compress:1.11
Apache » Commons Compress » Version: 1.12

cpe:2.3:a:apache:commons_compress:1.12
Apache » Commons Compress » Version: 1.13

cpe:2.3:a:apache:commons_compress:1.13
Apache » Commons Compress » Version: 1.14

cpe:2.3:a:apache:commons_compress:1.14
Apache » Commons Compress » Version: 1.15

cpe:2.3:a:apache:commons_compress:1.15
Apache » Commons Compress » Version: 1.16

cpe:2.3:a:apache:commons_compress:1.16
Apache » Commons Compress » Version: 1.16.1

cpe:2.3:a:apache:commons_compress:1.16.1
Apache » Commons Compress » Version: 1.17

cpe:2.3:a:apache:commons_compress:1.17
Apache » Commons Compress » Version: 1.18

cpe:2.3:a:apache:commons_compress:1.18
Apache » Commons Compress » Version: 1.19

cpe:2.3:a:apache:commons_compress:1.19
Apache » Commons Compress » Version: 1.20

cpe:2.3:a:apache:commons_compress:1.20
Apache » Commons Compress » Version: 1.6

cpe:2.3:a:apache:commons_compress:1.6
Apache » Commons Compress » Version: 1.7

cpe:2.3:a:apache:commons_compress:1.7
Apache » Commons Compress » Version: 1.8

cpe:2.3:a:apache:commons_compress:1.8
Apache » Commons Compress » Version: 1.8.1

cpe:2.3:a:apache:commons_compress:1.8.1
Apache » Commons Compress » Version: 1.9

cpe:2.3:a:apache:commons_compress:1.9
Netapp » Active Iq Unified Manager » Version: N/A

cpe:2.3:a:netapp:active_iq_unified_manager:-
Netapp » Oncommand Insight » Version: N/A

cpe:2.3:a:netapp:oncommand_insight:-
Oracle » Banking Digital Experience » Version: 18.1

cpe:2.3:a:oracle:banking_digital_experience:18.1
Oracle » Banking Digital Experience » Version: 18.2

cpe:2.3:a:oracle:banking_digital_experience:18.2
Oracle » Banking Digital Experience » Version: 18.3

cpe:2.3:a:oracle:banking_digital_experience:18.3
Oracle » Banking Digital Experience » Version: 19.1

cpe:2.3:a:oracle:banking_digital_experience:19.1
Oracle » Banking Digital Experience » Version: 20.1

cpe:2.3:a:oracle:banking_digital_experience:20.1
Oracle » Banking Digital Experience » Version: 21.1

cpe:2.3:a:oracle:banking_digital_experience:21.1
Oracle » Banking Enterprise Default Management » Version: 2.7.0

cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0
Oracle » Banking Party Management » Version: 2.7.0

cpe:2.3:a:oracle:banking_party_management:2.7.0
Oracle » Banking Payments » Version: 14.5

cpe:2.3:a:oracle:banking_payments:14.5
Oracle » Banking Trade Finance » Version: 14.5

cpe:2.3:a:oracle:banking_trade_finance:14.5
Oracle » Banking Treasury Management » Version: 14.5

cpe:2.3:a:oracle:banking_treasury_management:14.5
Oracle » Business Process Management Suite » Version: 12.2.1.3.0

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0
Oracle » Business Process Management Suite » Version: 12.2.1.4.0

cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0
Oracle » Commerce Guided Search » Version: 11.3.2

cpe:2.3:a:oracle:commerce_guided_search:11.3.2
Oracle » Communications Billing And Revenue Management » Version: 12.0.0.4

cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4
Oracle » Communications Cloud Native Core Automated Test Suite » Version: 1.8.0

cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0
Oracle » Communications Cloud Native Core Service Communication Proxy » Version: 1.14.0

cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0
Oracle » Communications Cloud Native Core Unified Data Repository » Version: 1.14.0

cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0
Oracle » Communications Diameter Intelligence Hub » Version: 8.0.0

cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.0.0
Oracle » Communications Diameter Intelligence Hub » Version: 8.1.0

cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.1.0
Oracle » Communications Diameter Intelligence Hub » Version: 8.2.0

cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.0
Oracle » Communications Diameter Intelligence Hub » Version: 8.2.3

cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3
Oracle » Communications Session Route Manager » Version: 8.0.0

cpe:2.3:a:oracle:communications_session_route_manager:8.0.0
Oracle » Communications Session Route Manager » Version: 8.1.0

cpe:2.3:a:oracle:communications_session_route_manager:8.1.0
Oracle » Communications Session Route Manager » Version: 8.1.1

cpe:2.3:a:oracle:communications_session_route_manager:8.1.1
Oracle » Communications Session Route Manager » Version: 8.2.0

cpe:2.3:a:oracle:communications_session_route_manager:8.2.0
Oracle » Communications Session Route Manager » Version: 8.2.0.0

cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0
Oracle » Communications Session Route Manager » Version: 8.2.1

cpe:2.3:a:oracle:communications_session_route_manager:8.2.1
Oracle » Communications Session Route Manager » Version: 8.2.2

cpe:2.3:a:oracle:communications_session_route_manager:8.2.2
Oracle » Communications Session Route Manager » Version: 8.2.2.1

cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1
Oracle » Communications Session Route Manager » Version: 8.2.4

cpe:2.3:a:oracle:communications_session_route_manager:8.2.4
Oracle » Communications Session Route Manager » Version: 8.2.4.0

cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0
Oracle » Communications Session Route Manager » Version: 8.2.5

cpe:2.3:a:oracle:communications_session_route_manager:8.2.5
Oracle » Financial Services Crime And Compliance Management Studio » Version: 8.0.8.2.0

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0
Oracle » Financial Services Crime And Compliance Management Studio » Version: 8.0.8.3.0

cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0
Oracle » Financial Services Enterprise Case Management » Version: 8.0.7.2.0

cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2.0
Oracle » Financial Services Enterprise Case Management » Version: 8.0.8.1.0

cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1.0
Oracle » Flexcube Universal Banking » Version: 12.4.0

cpe:2.3:a:oracle:flexcube_universal_banking:12.4.0
Oracle » Flexcube Universal Banking » Version: 14.0.0

cpe:2.3:a:oracle:flexcube_universal_banking:14.0.0
Oracle » Flexcube Universal Banking » Version: 14.1.0

cpe:2.3:a:oracle:flexcube_universal_banking:14.1.0
Oracle » Flexcube Universal Banking » Version: 14.2.0

cpe:2.3:a:oracle:flexcube_universal_banking:14.2.0
Oracle » Flexcube Universal Banking » Version: 14.3.0

cpe:2.3:a:oracle:flexcube_universal_banking:14.3.0
Oracle » Flexcube Universal Banking » Version: 14.5.0

cpe:2.3:a:oracle:flexcube_universal_banking:14.5.0
Oracle » Healthcare Data Repository » Version: 8.1.0

cpe:2.3:a:oracle:healthcare_data_repository:8.1.0
Oracle » Insurance Policy Administration » Version: 11.0.2

cpe:2.3:a:oracle:insurance_policy_administration:11.0.2
Oracle » Insurance Policy Administration » Version: 11.1.0

cpe:2.3:a:oracle:insurance_policy_administration:11.1.0
Oracle » Insurance Policy Administration » Version: 11.2.8

cpe:2.3:a:oracle:insurance_policy_administration:11.2.8
Oracle » Insurance Policy Administration » Version: 11.3.0

cpe:2.3:a:oracle:insurance_policy_administration:11.3.0
Oracle » Insurance Policy Administration » Version: 11.3.1

cpe:2.3:a:oracle:insurance_policy_administration:11.3.1
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.57

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.58

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
Oracle » Peoplesoft Enterprise Peopletools » Version: 8.59

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59
Oracle » Primavera Unifier » Version: 17.10

cpe:2.3:a:oracle:primavera_unifier:17.10
Oracle » Primavera Unifier » Version: 17.11

cpe:2.3:a:oracle:primavera_unifier:17.11
Oracle » Primavera Unifier » Version: 17.12

cpe:2.3:a:oracle:primavera_unifier:17.12
Oracle » Primavera Unifier » Version: 17.7

cpe:2.3:a:oracle:primavera_unifier:17.7
Oracle » Primavera Unifier » Version: 17.8

cpe:2.3:a:oracle:primavera_unifier:17.8
Oracle » Primavera Unifier » Version: 17.9

cpe:2.3:a:oracle:primavera_unifier:17.9
Oracle » Primavera Unifier » Version: 18.8

cpe:2.3:a:oracle:primavera_unifier:18.8
Oracle » Primavera Unifier » Version: 19.12

cpe:2.3:a:oracle:primavera_unifier:19.12
Oracle » Primavera Unifier » Version: 20.12

cpe:2.3:a:oracle:primavera_unifier:20.12
Oracle » Utilities Testing Accelerator » Version: 6.0.0.1.1

cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1
Oracle » Utilities Testing Accelerator » Version: 6.0.0.2.2

cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2
Oracle » Utilities Testing Accelerator » Version: 6.0.0.3.1

cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1
Oracle » Communications Messaging Server » Version: 8.1

cpe:2.3:o:oracle:communications_messaging_server:8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-35515

Products

Pricing

Contact Us