HIGH✓ PATCH🇬🇧 English

CVE-2021-35515

CVSS 7.5v3.1pub. 2021-07-13upd. 2024-11-21

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Apache Commons Compress

    APP
    Apache
    1.6 – 1.20
  • Netapp Active Iq Unified Manager

    APP
    Netapp
    wszystkie wersje
  • Netapp Oncommand Insight

    APP
    Netapp
    wszystkie wersje
  • Oracle Banking Digital Experience

    APP
    Oracle
    19.120.121.118.1 – 18.3
  • Oracle Banking Enterprise Default Management

    APP
    Oracle
    2.7.0
  • Oracle Banking Party Management

    APP
    Oracle
    2.7.0
  • Oracle Banking Payments

    APP
    Oracle
    14.5
  • Oracle Banking Trade Finance

    APP
    Oracle
    14.5
  • Oracle Banking Treasury Management

    APP
    Oracle
    14.5
  • Oracle Business Process Management Suite

    APP
    Oracle
    12.2.1.3.012.2.1.4.0
  • Oracle Commerce Guided Search

    APP
    Oracle
    11.3.2
  • Oracle Communications Billing And Revenue Management

    APP
    Oracle
    12.0.0.4
  • Oracle Communications Cloud Native Core Automated Test Suite

    APP
    Oracle
    1.8.0
  • Oracle Communications Cloud Native Core Service Communication Proxy

    APP
    Oracle
    1.14.0
  • Oracle Communications Cloud Native Core Unified Data Repository

    APP
    Oracle
    1.14.0
  • Oracle Communications Diameter Intelligence Hub

    APP
    Oracle
    8.0.0 – 8.2.3
  • Oracle Communications Messaging Server

    OS
    Oracle
    8.1
  • Oracle Communications Session Route Manager

    APP
    Oracle
    8.0.0 – 8.2.5
  • Oracle Financial Services Crime And Compliance Management Studio

    APP
    Oracle
    8.0.8.2.08.0.8.3.0
  • Oracle Financial Services Enterprise Case Management

    APP
    Oracle
    8.0.7.2.08.0.8.1.0
  • Oracle Flexcube Universal Banking

    APP
    Oracle
    12.4.014.5.014.0.0 – 14.3.0
  • Oracle Healthcare Data Repository

    APP
    Oracle
    8.1.0
  • Oracle Insurance Policy Administration

    APP
    Oracle
    11.0.211.1.011.2.811.3.011.3.1
  • Oracle Peoplesoft Enterprise Peopletools

    APP
    Oracle
    8.578.588.59
  • Oracle Primavera Unifier

    APP
    Oracle
    18.819.1220.1217.7 – 17.12
  • Oracle Utilities Testing Accelerator

    APP
    Oracle
    6.0.0.1.16.0.0.2.26.0.0.3.1
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)

CVE-2022-22965CRITICAL9.8⚠ KEVten sam produkt

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...

CVE-2022-22963CRITICAL9.8⚠ KEVten sam produkt

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...

CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2021-35515 — HIGH 7.5 | CVEbaza.pl