PT-2021-3617 · Apache+3 · Apache Ant+3

Published: 2021-07-14 · Updated: 2024-09-17 · CVE-2021-36374

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Apache Ant versions prior to 1.9.16
Apache Ant versions prior to 1.10.11

Description

The issue is an uncontrolled resource consumption flaw in Apache Ant that a remote attacker can exploit to cause a denial of service. When Apache Ant reads a specially crafted ZIP archive, or a format derived from ZIP, it can allocate large amounts of memory and fail with an out-of-memory error, even when the input is small. This can disrupt builds that use Apache Ant. Formats derived from ZIP archives, such as JAR files and many office files, are also affected.

Recommendations

For Apache Ant versions prior to 1.9.16, update to version 1.9.16 or later.
For Apache Ant versions prior to 1.10.11, update to version 1.10.11 or later.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2024-17640
AZL-25954
AZL-34809
BDU:2021-03753
CVE-2021-36374
GHSA-5V34-G2PX-J4FW
OESA-2021-1277
OPENSUSE-SU-2022_1418-1
OPENSUSE-SU-2024:11688-1
SUSE-SU-2022:1417-1
SUSE-SU-2022:1418-1

Affected Products

Alt Linux
Apache Ant
Debian
Suse