PT-2021-3616 · Apache+3 · Apache Ant+3

Published 2021-07-14 · Updated 2024-09-17 · CVE-2021-36373

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Ant versions prior to 1.9.16
Apache Ant versions prior to 1.10.11

Description

The issue is related to uncontrolled resource consumption in the Apache Ant utility. It can be exploited by a remote attacker to cause a denial of service. When reading a specially crafted TAR archive, an Apache Ant build can allocate large amounts of memory, leading to an out-of-memory error, even for small inputs. This can disrupt builds using Apache Ant.

Recommendations

For Apache Ant versions prior to 1.9.16, update to version 1.9.16 or later. For Apache Ant versions prior to 1.10.11, update to version 1.10.11 or later.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17640
AZL-25953
AZL-34808
BDU:2021-03752
CVE-2021-36373
GHSA-Q5R4-CFPX-H6FH
OESA-2021-1277
OPENSUSE-SU-2022_1418-1
OPENSUSE-SU-2024:11688-1
SUSE-SU-2022:1417-1
SUSE-SU-2022:1418-1
SUSE-SU-2022_1417-1
SUSE-SU-2022_1418-1

Affected Products

Alt Linux
Apache Ant
Debian
Suse