CVE-2021-36373
- Source
- https://cve.org/CVERecord?id=CVE-2021-36373
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-36373.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-36373
- Aliases
- Downstream
- Related
- Published
- 2021-07-14T07:15:08.237Z
- Modified
- 2026-05-28T04:08:40.868922199Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
- Database specific
{ "unresolved_ranges": [ { "extracted_events": [ { "introduced": "8.0.6" }, { "last_affected": "8.1.1" } ], "vendor_product": "oracle:financial_services_analytical_applications_infrastructure", "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*" ] }, { "extracted_events": [ { "introduced": "11.0" }, { "last_affected": "11.3.1" } ], "vendor_product": "oracle:insurance_policy_administration", "source": "CPE_RANGE", "cpes": [ "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*" ] }, { "cpes": [ "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:primavera_gateway", "source": "CPE_RANGE", "extracted_events": [ { "introduced": "17.12.0" }, { "last_affected": "17.12.11" }, { "introduced": "18.8.0" }, { "last_affected": "18.8.12" }, { "introduced": "19.12.0" }, { "last_affected": "19.12.11" }, { "introduced": "20.12.0" }, { "last_affected": "20.12.7" } ] }, { "cpes": [ "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:primavera_unifier", "source": "CPE_RANGE", "extracted_events": [ { "introduced": "17.7" }, { "last_affected": "17.12" } ] }, { "cpes": [ "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:timesten_in-memory_database", "source": "CPE_RANGE", "extracted_events": [ { "fixed": "11.2.2.8.27" } ] }, { "cpes": [ "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*" ], "vendor_product": "oracle:utilities_framework", "source": "CPE_RANGE", "extracted_events": [ { "introduced": "4.3.0.1.0" }, { "last_affected": "4.3.0.6.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*" ], "vendor_product": "oracle:agile_plm", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "9.3.6" } ] }, { "cpes": [ "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*" ], "vendor_product": "oracle:banking_trade_finance", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.5" } ] }, { "cpes": [ "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*" ], "vendor_product": "oracle:banking_treasury_management", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.5" } ] }, { "extracted_events": [ { "last_affected": "1.9.0" } ], "vendor_product": "oracle:communications_cloud_native_core_automated_test_suite", "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*" ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:communications_cloud_native_core_binding_support_function", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "1.11.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*" ], "vendor_product": "oracle:communications_order_and_service_management", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "7.3" }, { "last_affected": "7.4" } ] }, { "cpes": [ "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:communications_unified_inventory_management", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "7.3.0" }, { "last_affected": "7.4.0" }, { "last_affected": "7.4.1" }, { "last_affected": "7.4.2" }, { "last_affected": "7.5.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:enterprise_repository", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "11.1.1.7.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*" ], "vendor_product": "oracle:primavera_unifier", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "18.8" }, { "last_affected": "19.12" }, { "last_affected": "20.12" } ] }, { "cpes": [ "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:real-time_decision_server", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "3.2.0.0" }, { "last_affected": "11.1.1.9.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_advanced_inventory_planning", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.1" }, { "last_affected": "15.0" }, { "last_affected": "16.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_back_office", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.0" }, { "last_affected": "14.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_bulk_data_integration", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "16.0.3.0" }, { "last_affected": "19.0.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_central_office", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.0" }, { "last_affected": "14.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_eftlink", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "19.0.1" }, { "last_affected": "20.0.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_extract_transform_and_load", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "13.2.8" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_financial_integration", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.1.3.2" }, { "last_affected": "15.0.4.0" }, { "last_affected": "16.0.3.0" } ] }, { "extracted_events": [ { "last_affected": "14.1.3.2" }, { "last_affected": "15.0.4.0" }, { "last_affected": "16.0.3.0" }, { "last_affected": "19.0.1.0" } ], "vendor_product": "oracle:retail_integration_bus", "source": "CPE_STRING", "cpes": [ "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*" ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_invoice_matching", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "16.0.3" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_merchandising_system", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "19.0.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_point-of-service", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.0" }, { "last_affected": "14.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_predictive_application_server", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.1.3" }, { "last_affected": "15.0.3" }, { "last_affected": "16.0.3.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_service_backbone", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.1.3.2" }, { "last_affected": "15.0.4.0" }, { "last_affected": "16.0.3.0" }, { "last_affected": "19.0.1.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_store_inventory_management", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "14.1" }, { "last_affected": "15.0" }, { "last_affected": "16.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:retail_xstore_point_of_service", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "16.0.6" }, { "last_affected": "17.0.4" }, { "last_affected": "18.0.3" }, { "last_affected": "19.0.2" }, { "last_affected": "20.0.1" } ] }, { "cpes": [ "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*" ], "vendor_product": "oracle:utilities_framework", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "4.2.0.2.0" }, { "last_affected": "4.2.0.3.0" }, { "last_affected": "4.4.0.0.0" }, { "last_affected": "4.4.0.2.0" }, { "last_affected": "4.4.0.3.0" } ] }, { "cpes": [ "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*" ], "vendor_product": "oracle:utilities_testing_accelerator", "source": "CPE_STRING", "extracted_events": [ { "last_affected": "6.0.0.1.1" } ] } ] }- References
-
- https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3Ccommits.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3Cnotifications.groovy.apache.org%3E
- https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3Cdev.myfaces.apache.org%3E
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E
- https://security.netapp.com/advisory/ntap-20210819-0007/
- https://ant.apache.org/security.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html