{"containers": {"cna": {"affected": [{"product": "Apache Ant", "vendor": "Apache Software Foundation", "versions": [{"changes": [{"at": "1.9.0", "status": "affected"}], "lessThanOrEqual": "1.9.15", "status": "affected", "version": "Apache Ant 1.9.x", "versionType": "custom"}, {"changes": [{"at": "1.10.0", "status": "affected"}], "lessThanOrEqual": "1.10.10", "status": "affected", "version": "Apache Ant 1.10.x", "versionType": "custom"}, {"lessThan": "1.9.0", "status": "unaffected", "version": "Apache Ant", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517 present in Apache Commons Compress which has been detected by OSS Fuzz."}], "descriptions": [{"lang": "en", "value": "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-130", "description": "CWE-130 Improper Handling of Length Parameter Inconsistency ", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-07-25T16:30:21", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ant.apache.org/security.html"}, {"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"}, {"name": "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E"}, {"name": "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Ant TAR archive denial of service vulnerability", "workarounds": [{"lang": "en", "value": "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-36373", "STATE": "PUBLIC", "TITLE": "Apache Ant TAR archive denial of service vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Ant", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache Ant 1.9.x", "version_value": "1.9.15"}, {"version_affected": "<=", "version_name": "Apache Ant 1.10.x", "version_value": "1.10.10"}, {"version_affected": ">=", "version_name": "Apache Ant 1.9.x", "version_value": "1.9.0"}, {"version_affected": ">=", "version_name": "Apache Ant 1.10.x", "version_value": "1.10.0"}, {"version_affected": "!<", "version_name": "Apache Ant", "version_value": "1.9.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "This issue is similar to https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517 present in Apache Commons Compress which has been detected by OSS Fuzz."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-130 Improper Handling of Length Parameter Inconsistency "}]}]}, "references": {"reference_data": [{"name": "https://ant.apache.org/security.html", "refsource": "MISC", "url": "https://ant.apache.org/security.html"}, {"name": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"}, {"name": "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E"}, {"name": "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"name": "https://security.netapp.com/advisory/ntap-20210819-0007/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210819-0007/"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Apache Ant 1.9.x users should upgrade to 1.9.16 or later.\nApache Ant 1.10.x users should upgrade to 1.10.11 or later."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:54:51.488Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ant.apache.org/security.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"}, {"name": "[groovy-commits] 20210714 [groovy] 08/09: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-commits] 20210715 [groovy] 02/07: GROOVY-10169: Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E"}, {"name": "[groovy-notifications] 20210715 [jira] [Resolved] (GROOVY-10169) Bump Ant version to 1.10.11 (incorporates CVE-2021-36373 and CVE-2021-36374)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E"}, {"name": "[myfaces-dev] 20210830 [GitHub] [myfaces-tobago] lofwyr14 opened a new pull request #1215: build: CVE fix", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-36373", "datePublished": "2021-07-14T06:20:11", "dateReserved": "2021-07-12T00:00:00", "dateUpdated": "2024-08-04T00:54:51.488Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", "matchCriteriaId": "C89ED6A3-3C13-4D67-A2B2-BF2A9FF9E03B", "versionEndExcluding": "1.9.16", "versionStartIncluding": "1.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", "matchCriteriaId": "87EE8429-8072-48A8-B406-3A8487A350B6", "versionEndExcluding": "1.10.11", "versionStartIncluding": "1.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "21CC9E01-616E-411B-B0C7-DE6E599D3319", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", "matchCriteriaId": "16F73C3A-A5C1-46F5-91E4-22F97A79E703", "versionEndIncluding": "8.1.1", "versionStartIncluding": "8.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C", "versionEndIncluding": "11.3.1", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48", "versionEndIncluding": "17.12.11", "versionStartIncluding": "17.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "301E7158-9090-467C-B3B4-30A8DB3B395D", "versionEndIncluding": "18.8.12", "versionStartIncluding": "18.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBEFACB1-C8EA-492B-8F85-A564DB363C83", "versionEndIncluding": "19.12.11", "versionStartIncluding": "19.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792", "versionEndIncluding": "20.12.7", "versionStartIncluding": "20.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9", "versionEndIncluding": "17.12", "versionStartIncluding": "17.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DBAC91D-14AA-4FEA-BBDA-C09CB5B3B831", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "C401E65A-8FA0-44E6-9AFC-6CC06498122F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F09182F-D0F2-41A7-A4AB-79099194B2CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "919DED83-2F88-4202-9556-5F4E5E1E6790", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "97DD0665-C420-4F6F-AD1F-07674B13614E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1581DEE7-48C3-4832-B616-A25D9DD3E898", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "77326E29-0F3C-4BF1-905F-FF89EB9A897A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920", "versionEndExcluding": "11.2.2.8.27", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB", "versionEndIncluding": "4.3.0.6.0", "versionStartIncluding": "4.3.0.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected."}, {"lang": "es", "value": "Cuando se lee un archivo TAR especialmente dise\u00f1ado, se puede hacer que una compilaci\u00f3n de Apache Ant asigne grandes cantidades de memoria que finalmente conlleva a un error de falta de memoria, incluso para entradas peque\u00f1as. Esto puede ser usado para interrumpir las compilaciones usando Apache Ant. Apache Ant versiones anteriores a 1.9.16 y 1.10.11 estaban afectados"}], "id": "CVE-2021-36373", "lastModified": "2024-11-21T06:13:37.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-14T07:15:08.237", "references": [{"source": "security@apache.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://ant.apache.org/security.html"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security@apache.org", "tags": ["Not Applicable"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://ant.apache.org/security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "https://www.oracle.com/security-alerts/cpujul2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-130"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2022:5903", "cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13", "package": "ant", "product_name": "RHPAM 7.13.0 async", "release_date": "2022-08-04T00:00:00Z"}], "bugzilla": {"description": "ant: excessive memory allocation when reading a specially crafted TAR archive", "id": "1982336", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982336"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-770", "details": ["When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected."], "name": "CVE-2021-36373", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform", "fix_state": "Out of support scope", "package_name": "ant", "product_name": "Red Hat BPM Suite 6"}, {"cpe": "cpe:/a:redhat:jboss_developer_studio:12.", "fix_state": "Fix deferred", "package_name": "ant", "product_name": "Red Hat CodeReady Studio 12"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "ant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "ant:1.10/ant", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "ant", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "ant", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Fix deferred", "package_name": "ant", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:6", "fix_state": "Out of support scope", "package_name": "ant", "product_name": "Red Hat JBoss BRMS 6"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Not affected", "package_name": "ant", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "ant", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "ant", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "ant", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Not affected", "package_name": "ant", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Fix deferred", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "jenkins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-metering-hive", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-maven36-ant", "product_name": "Red Hat Software Collections"}], "public_date": "2021-07-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-36373\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-36373"], "statement": "OpenShift Container Platform 4 (OCP) ships affected version of Apache Ant in the ose-metering-hive container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence ose-metering-hive container has been marked as 'will not fix'.\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html", "threat_severity": "Low"}

{}