apache commons-compress CVE-2021-35515 vulnerability in Apache and Other Products
Published on July 13, 2021

Apache Commons Compress 1.6 to 1.20 denial of service vulnerability

product logo product logo product logo
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

NVD

Weakness Type

Excessive Iteration

The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.


Products Associated with CVE-2021-35515

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-35515 are published in these products:

Apache Commons Compress
 
NetApp Active Iq Unified Manager
 
NetApp Oncommand Insight
 
Oracle Communications Session Route Manager
 
Oracle Financial Services Enterprise Case Management
 
Oracle Peoplesoft Enterprise Peopletools
 
Oracle Primavera Unifier
 
Oracle Communications Messaging Server
 
Oracle Banking Digital Experience
 
Oracle Banking Enterprise Default Management
 
Oracle Banking Party Management
 
Oracle Business Process Management Suite
 
Oracle Commerce Guided Search
 
Oracle Communications Cloud Native Core Service Communication Proxy
 
Oracle Communications Cloud Native Core Unified Data Repository
 
Oracle Utilities Testing Accelerator
 
Oracle Banking Payments
 
Oracle Banking Trade Finance
 
Oracle Banking Treasury Management
 
Oracle Communications Billing Revenue Management
 
Oracle Communications Cloud Native Core Automated Test Suite
 
Oracle Communications Diameter Intelligence Hub
 
Oracle Flexcube Universal Banking
 
Oracle Healthcare Data Repository
 
Oracle Insurance Policy Administration
 
Oracle Financial Services Crime Compliance Management Studio
 

Affected Versions

Apache Software Foundation Apache Commons Compress:

Exploit Probability

EPSS
0.60%
Percentile
69.08%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.