Vulnerability Details CVE-2021-36373
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.5%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://ant.apache.org/security.html
- https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E
- https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210819-0007/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://ant.apache.org/security.html
- https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E
- https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210819-0007/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Products affected by CVE-2021-36373
-
cpe:2.3:a:apache:ant:1.10.0
-
cpe:2.3:a:apache:ant:1.10.1
-
cpe:2.3:a:apache:ant:1.10.10
-
cpe:2.3:a:apache:ant:1.10.2
-
cpe:2.3:a:apache:ant:1.10.3
-
cpe:2.3:a:apache:ant:1.10.4
-
cpe:2.3:a:apache:ant:1.10.5
-
cpe:2.3:a:apache:ant:1.10.6
-
cpe:2.3:a:apache:ant:1.10.7
-
cpe:2.3:a:apache:ant:1.10.8
-
cpe:2.3:a:apache:ant:1.10.9
-
cpe:2.3:a:apache:ant:1.9.0
-
cpe:2.3:a:apache:ant:1.9.1
-
cpe:2.3:a:apache:ant:1.9.10
-
cpe:2.3:a:apache:ant:1.9.11
-
cpe:2.3:a:apache:ant:1.9.12
-
cpe:2.3:a:apache:ant:1.9.13
-
cpe:2.3:a:apache:ant:1.9.14
-
cpe:2.3:a:apache:ant:1.9.15
-
cpe:2.3:a:apache:ant:1.9.2
-
cpe:2.3:a:apache:ant:1.9.3
-
cpe:2.3:a:apache:ant:1.9.4
-
cpe:2.3:a:apache:ant:1.9.5
-
cpe:2.3:a:apache:ant:1.9.6
-
cpe:2.3:a:apache:ant:1.9.7
-
cpe:2.3:a:apache:ant:1.9.8
-
cpe:2.3:a:apache:ant:1.9.9
-
cpe:2.3:a:oracle:agile_plm:9.3.6
-
cpe:2.3:a:oracle:banking_trade_finance:14.5
-
cpe:2.3:a:oracle:banking_treasury_management:14.5
-
cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0
-
cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0
-
cpe:2.3:a:oracle:communications_order_and_service_management:7.3
-
cpe:2.3:a:oracle:communications_order_and_service_management:7.4
-
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0
-
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0
-
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1
-
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2
-
cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0
-
cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.0.1
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.3.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6.4.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7.2.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0.0.0
-
cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1
-
cpe:2.3:a:oracle:insurance_policy_administration:11.0
-
cpe:2.3:a:oracle:insurance_policy_administration:11.0.2
-
cpe:2.3:a:oracle:insurance_policy_administration:11.1.0
-
cpe:2.3:a:oracle:insurance_policy_administration:11.2.0
-
cpe:2.3:a:oracle:insurance_policy_administration:11.2.7
-
cpe:2.3:a:oracle:insurance_policy_administration:11.2.8
-
cpe:2.3:a:oracle:insurance_policy_administration:11.3.0
-
cpe:2.3:a:oracle:insurance_policy_administration:11.3.1
-
cpe:2.3:a:oracle:primavera_gateway:17.12.0
-
cpe:2.3:a:oracle:primavera_gateway:17.12.10
-
cpe:2.3:a:oracle:primavera_gateway:17.12.11
-
cpe:2.3:a:oracle:primavera_gateway:17.12.6
-
cpe:2.3:a:oracle:primavera_gateway:17.12.7
-
cpe:2.3:a:oracle:primavera_gateway:17.12.8
-
cpe:2.3:a:oracle:primavera_gateway:17.12.9
-
cpe:2.3:a:oracle:primavera_gateway:18.8.0
-
cpe:2.3:a:oracle:primavera_gateway:18.8.11
-
cpe:2.3:a:oracle:primavera_gateway:18.8.12
-
cpe:2.3:a:oracle:primavera_gateway:18.8.8
-
cpe:2.3:a:oracle:primavera_gateway:18.8.8.1
-
cpe:2.3:a:oracle:primavera_gateway:18.8.9
-
cpe:2.3:a:oracle:primavera_gateway:19.12.0
-
cpe:2.3:a:oracle:primavera_gateway:19.12.10
-
cpe:2.3:a:oracle:primavera_gateway:19.12.11
-
cpe:2.3:a:oracle:primavera_gateway:19.12.4
-
cpe:2.3:a:oracle:primavera_gateway:20.12.0
-
cpe:2.3:a:oracle:primavera_gateway:20.12.7
-
cpe:2.3:a:oracle:primavera_unifier:17.10
-
cpe:2.3:a:oracle:primavera_unifier:17.11
-
cpe:2.3:a:oracle:primavera_unifier:17.12
-
cpe:2.3:a:oracle:primavera_unifier:17.7
-
cpe:2.3:a:oracle:primavera_unifier:17.8
-
cpe:2.3:a:oracle:primavera_unifier:17.9
-
cpe:2.3:a:oracle:primavera_unifier:18.8
-
cpe:2.3:a:oracle:primavera_unifier:19.12
-
cpe:2.3:a:oracle:primavera_unifier:20.12
-
cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0
-
cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0
-
cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1
-
cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0
-
cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0
-
cpe:2.3:a:oracle:retail_back_office:14.0
-
cpe:2.3:a:oracle:retail_back_office:14.1
-
cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0
-
cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1
-
cpe:2.3:a:oracle:retail_central_office:14.0
-
cpe:2.3:a:oracle:retail_central_office:14.1
-
cpe:2.3:a:oracle:retail_eftlink:19.0.1
-
cpe:2.3:a:oracle:retail_eftlink:20.0.1
-
cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8
-
cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2
-
cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0
-
cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0
-
cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2
-
cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0
-
cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0
-
cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0
-
cpe:2.3:a:oracle:retail_invoice_matching:16.0.3
-
cpe:2.3:a:oracle:retail_merchandising_system:19.0.1
-
cpe:2.3:a:oracle:retail_point-of-service:14.0
-
cpe:2.3:a:oracle:retail_point-of-service:14.1
-
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3
-
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3
-
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0
-
cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2
-
cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0
-
cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0
-
cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0
-
cpe:2.3:a:oracle:retail_store_inventory_management:14.1
-
cpe:2.3:a:oracle:retail_store_inventory_management:15.0
-
cpe:2.3:a:oracle:retail_store_inventory_management:16.0
-
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6
-
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4
-
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3
-
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2
-
cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1
-
cpe:2.3:a:oracle:timesten_in-memory_database:-
-
cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0
-
cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.1.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.4
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0
-
cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0
-
cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0
-
cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0
-
cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0
-
cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1