ID CVE-2021-36373
Summary When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:ant:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.10:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.10:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.10:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.11:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.11:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.11:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.11:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.12:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.12:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.12:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.12:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.13:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.13:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.15:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.15:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.9.15:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.9.15:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.1:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.1:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.1:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.2:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.2:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.2:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.3:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.3:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.3:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.3:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.3:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.3:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.4:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.4:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.5:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.5:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.6:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.6:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.6:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.6:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.6:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.7:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.7:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.7:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.7:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.8:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.8:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.8:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.8:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.9:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.9:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.9:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.9:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.10:-:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.10:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:ant:1.10.10:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:ant:1.10.10:rc1:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 20-10-2021 - 11:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:P
Last major update 20-10-2021 - 11:17
Published 14-07-2021 - 07:15
Last modified 20-10-2021 - 11:17
Back to Top