GHSA-5v34-g2px-j4fw

Source

https://github.com/advisories/GHSA-5v34-g2px-j4fw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-5v34-g2px-j4fw/GHSA-5v34-g2px-j4fw.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5v34-g2px-j4fw

Aliases

CVE-2021-36374

Published

2021-08-02T16:56:31Z

Modified

2024-03-01T20:31:22.121723Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Handling of Length Parameter Inconsistency in Apache Ant

Details

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Database specific

{
    "nvd_published_at": "2021-07-14T07:15:00Z",
    "cwe_ids": [
        "CWE-130"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-07-15T19:18:28Z"
}

References

Affected packages

Maven / org.apache.ant:ant

Package

Name: org.apache.ant:ant; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ant/ant

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.9.0

Fixed

1.9.16

Affected versions

1.*

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

1.9.5

1.9.6

1.9.7

1.9.8

1.9.9

1.9.10

1.9.11

1.9.12

1.9.13

1.9.14

1.9.15

Maven / org.apache.ant:ant

Package

Name: org.apache.ant:ant; View open source insights on deps.dev
Purl: pkg:maven/org.apache.ant/ant

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.10.0

Fixed

1.10.11

Affected versions

1.*

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.10.10