UBUNTU-CVE-2021-36374

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2021-36374
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-36374.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-36374
Related
Published
2021-07-14T07:15:00Z
Modified
2024-10-15T14:08:16Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

References

Affected packages

Ubuntu:Pro:14.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.2-1
1.9.3-1
1.9.3-2
1.9.3-2build1
1.9.3-2ubuntu0.1
1.9.3-2ubuntu0.1+esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:16.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.6-1ubuntu1
1.9.6-1ubuntu1.1
1.9.6-1ubuntu1.1+esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.9-4
1.9.9-5
1.9.9-6
1.9.10-1
1.9.10-2
1.10.3-1
1.10.3-1ubuntu0.1
1.10.5-3~18.04
1.10.5-3~18.04.1~esm1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:20.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.6-1
1.10.7-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.9-4
1.10.11-1
1.10.12-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.10 / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.14-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}

Ubuntu:24.04:LTS / ant

Package

Name
ant
Purl
pkg:deb/ubuntu/ant?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.13-2
1.10.14-1

Ecosystem specific 

{
    "ubuntu_priority": "low"
}