Description


When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Related CPE's



a

oracle

banking_apis

5

a

oracle

banking_digital_experience

5




a

oracle

banking_platform

4



a

oracle

business_process_management_suite

2






a

oracle

communications_diameter_intelligence_hub

2




a

oracle

communications_unified_inventory_management

4


a

oracle

financial_services_crime_and_compliance_management_studio

2

a

oracle

financial_services_enterprise_case_management

3

a

oracle

flexcube_universal_banking

3


a

oracle

insurance_policy_administration

5

a

oracle

peoplesoft_enterprise_peopletools

3

a

oracle

primavera_gateway

4

a

oracle

primavera_unifier

4

a

oracle

utilities_testing_accelerator

3

a

oracle

webcenter_portal

2


a

netapp

active_iq_unified_manager

3

References



































Weaknesses



NVD-CWE-Other


CWE-130

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information


Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-13T08:15:07.310

3 years ago

Last modified

2023-11-07T03:36:42.777

1 year ago