Description
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Related CPEs
a:oracle:banking_apis
a:oracle:banking_digital_experience
a:oracle:banking_platform
a:oracle:business_process_management_suite
a:oracle:communications_diameter_intelligence_hub
a:oracle:communications_unified_inventory_management
a:oracle:financial_services_crime_and_compliance_management_studio
a:oracle:financial_services_enterprise_case_management
a:oracle:flexcube_universal_banking
a:oracle:insurance_policy_administration
a:oracle:peoplesoft_enterprise_peopletools
a:oracle:primavera_gateway
a:oracle:primavera_unifier
a:oracle:utilities_testing_accelerator
a:oracle:webcenter_portal
a:netapp:active_iq_unified_manager
References
http://www.openwall.com/lists/oss-security/2021/07/13/4
http://www.openwall.com/lists/oss-security/2021/07/13/6
https://security.netapp.com/advisory/ntap-20211022-0001/
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 · High
Information
Source identifier
Vulnerability status: Modified
Published: 2021-07-13T08:15:07.310
Last modified: 2023-11-07T03:36:42.777