CVE-2021-36374
- Source
- https://cve.org/CVERecord?id=CVE-2021-36374
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36374.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-36374
- Aliases
- Downstream
- Related
- Published
- 2021-07-14T07:15:08.400Z
- Modified
- 2026-04-02T07:04:47.687459Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
- References
-
- https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E
- https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210819-0007/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://ant.apache.org/security.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Affected packages
Git / github.com/apache/ant
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/ant
- Events
-
IntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "1.9.0" }, { "fixed": "1.9.16" }, { "introduced": "1.10.0" }, { "fixed": "1.10.11" }, { "introduced": "0" }, { "last_affected": "1.9.0" }, { "introduced": "0" }, { "last_affected": "14.1" }, { "introduced": "0" }, { "last_affected": "14.1" }, { "introduced": "0" }, { "last_affected": "14.1" }, { "introduced": "0" }, { "last_affected": "14.1" }, { "introduced": "0" }, { "last_affected": "14.1" } ] }
Affected versions
ANT_1.*
ANT_1.10.0_RC1
ANT_1.10.10_RC1
ANT_1.10.1_RC1
ANT_1.10.2_RC1
ANT_1.10.3_RC2
ANT_1.10.4_RC1
ANT_1.10.5_RC1
ANT_1.10.6_RC1
ANT_1.10.6_RC2
ANT_1.10.7_RC1
ANT_1.10.8_RC1
ANT_1.10.9_RC1
ANT_1.9.13_RC1
ANT_1.9.15_RC1
Other
ANT_11
ANT_12
ANT_13
ANT_13_B1
ANT_13_B2
ANT_13_B3
ANT_13_MAIN_MERGE4
ANT_14
ANT_141
ANT_141_B1
ANT_14_B1
ANT_14_B2
ANT_151_B1
ANT_151_FINAL
ANT_152_B1
ANT_152_FINAL
ANT_153
ANT_154
ANT_15_B1
ANT_15_B2
ANT_15_B3
ANT_15_FINAL
ANT_15_RC1
ANT_160
ANT_161
ANT_161_B1
ANT_162
ANT_162_B1
ANT_163
ANT_163_B1
ANT_164
ANT_165
ANT_16_B1
ANT_16_B2
ANT_16_B3
ANT_170
ANT_170_B1
ANT_170_B2
ANT_170_B3
ANT_170_RC1
ANT_171
ANT_171_B1
ANT_180
ANT_180_RC1
ANT_181
ANT_182
ANT_183
ANT_184
ANT_190
ANT_191
ANT_1914_RC1
ANT_192
ANT_193
ANT_194
ANT_195
ANT_195_RC1
ANT_196
ANT_196_RC1
ANT_197_RC1
ANT_198_RC1
ANT_199_RC1
ANT_1_10_3_RC1
ANT_1_9_10_RC1
ANT_1_9_11_RC1
ANT_1_9_12_RC1
ANT_DOCS_PRE_14
ANT_MAIN_13_MERGE1
ANT_MAIN_13_MERGE4
ANT_MAIN_14
ANT_MAIN_14B2
ANT_MAIN_15B2
ANT_MAIN_15B3
ANT_MAIN_15FINAL
MYRMIDON_PRE_CONF_MUNGE
TOMCAT_31_BETA1
TOMCAT_31_FINAL
TOMCAT_31_M1
TOMCAT_31_M1_RC1
TOMCAT_31_RC1
temp
rel/1.*
rel/1.1
rel/1.10.0
rel/1.10.1
rel/1.10.10
rel/1.10.2
rel/1.10.3
rel/1.10.4
rel/1.10.5
rel/1.10.6
rel/1.10.7
rel/1.10.8
rel/1.10.9
rel/1.2
rel/1.3
rel/1.4
rel/1.5
rel/1.5.1
rel/1.5.2
rel/1.5.3
rel/1.5.4
rel/1.6.0
rel/1.6.1
rel/1.6.2
rel/1.6.3
rel/1.6.4
rel/1.6.5
rel/1.7.0
rel/1.7.1
rel/1.8.0
rel/1.8.1
rel/1.8.2
rel/1.8.3
rel/1.8.4
rel/1.9.0
rel/1.9.1
rel/1.9.10
rel/1.9.11
rel/1.9.12
rel/1.9.13
rel/1.9.14
rel/1.9.15
rel/1.9.2
rel/1.9.3
rel/1.9.4
rel/1.9.5
rel/1.9.6
rel/1.9.7
rel/1.9.8
rel/1.9.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36374.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.2.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.3.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11.0"
}
]
},
{
"events": [
{
"introduced": "8.0.0"
},
{
"last_affected": "8.1.0"
}
]
},
{
"events": [
{
"introduced": "8.2.0"
},
{
"last_affected": "8.2.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.1.7.0"
}
]
},
{
"events": [
{
"introduced": "8.0.6"
},
{
"last_affected": "8.1.1"
}
]
},
{
"events": [
{
"introduced": "3.0.1"
},
{
"last_affected": "3.0.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0.1"
}
]
},
{
"events": [
{
"introduced": "11.0"
},
{
"last_affected": "11.3.1"
}
]
},
{
"events": [
{
"introduced": "17.12.0"
},
{
"last_affected": "17.12.11"
}
]
},
{
"events": [
{
"introduced": "18.8.0"
},
{
"last_affected": "18.8.12"
}
]
},
{
"events": [
{
"introduced": "19.12.0"
},
{
"last_affected": "19.12.11"
}
]
},
{
"events": [
{
"introduced": "20.12.0"
},
{
"last_affected": "20.12.7"
}
]
},
{
"events": [
{
"introduced": "17.7"
},
{
"last_affected": "17.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.6.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.2.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11.1.1.9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "13.2.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.1.3.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0.4.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "18.0.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "19.0.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "20.0.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "11.2.2.8.27"
}
]
},
{
"events": [
{
"introduced": "4.3.0.1.0"
},
{
"last_affected": "4.3.0.6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.0.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.2.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.4.0.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.4.0.2.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.4.0.3.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0.0.1.1"
}
]
}
]