ID

VAR-202107-1602


CVE

CVE-2021-36374


TITLE

Vulnerability in Apache Ant

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002

DESCRIPTION

When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory, leading to an out-of-memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used formats derived from ZIP archives include, for instance, JAR files and many office files. Apache Ant versions prior to 1.9.16 and 1.10.11 were affected. Apache Ant contains an unspecified vulnerability. It may result in a denial-of-service (DoS) condition. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing ZIP archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack.

Trust: 2.34

sources: NVD: CVE-2021-36374 // JVNDB: JVNDB-2021-010002 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-396550 // VULMON: CVE-2021-36374

AFFECTED PRODUCTS

vendor: oracle | model: retail central office | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: retail merchandising system | scope: eq | version: 19.0.1

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 20.0.1

Trust: 1.0

vendor: oracle | model: retail eftlink | scope: eq | version: 19.0.1

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 15.0.3

Trust: 1.0

vendor: oracle | model: timesten in-memory database | scope: lt | version: 11.2.2.8.27

Trust: 1.0

vendor: apache | model: ant | scope: lt | version: 1.10.11

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: lte | version: 8.1.1

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.3.0

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 16.0.6

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 19.0.1.0

Trust: 1.0

vendor: oracle | model: product lifecycle analytics | scope: eq | version: 3.6.1

Trust: 1.0

vendor: oracle | model: utilities testing accelerator | scope: eq | version: 6.0.0.1.1

Trust: 1.0

vendor: oracle | model: retail bulk data integration | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: communications cloud native core binding support function | scope: eq | version: 1.11.0

Trust: 1.0

vendor: oracle | model: communications cloud native core automated test suite | scope: eq | version: 1.9.0

Trust: 1.0

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: retail central office | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.3.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 18.8.0

Trust: 1.0

vendor: oracle | model: health sciences information manager | scope: gte | version: 3.0.1

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: lte | version: 17.12

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 19.12

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 19.0.1.0

Trust: 1.0

vendor: oracle | model: retail back office | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: retail store inventory management | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: banking treasury management | scope: eq | version: 14.5

Trust: 1.0

vendor: apache | model: ant | scope: gte | version: 1.9.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 20.12.0

Trust: 1.0

vendor: apache | model: ant | scope: gte | version: 1.10.0

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: communications order and service management | scope: eq | version: 7.4

Trust: 1.0

vendor: oracle | model: communications diameter intelligence hub | scope: gte | version: 8.2.0

Trust: 1.0

vendor: oracle | model: health sciences information manager | scope: eq | version: 3.0.0.1

Trust: 1.0

vendor: oracle | model: insurance policy administration | scope: gte | version: 11.0

Trust: 1.0

vendor: oracle | model: communications diameter intelligence hub | scope: gte | version: 8.0.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 18.8.12

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 18.8

Trust: 1.0

vendor: oracle | model: insurance policy administration | scope: lte | version: 11.3.1

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 19.12.11

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.1

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.0.0

Trust: 1.0

vendor: oracle | model: banking trade finance | scope: eq | version: 14.5

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: gte | version: 17.7

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: real-time decision server | scope: eq | version: 3.2.0.0

Trust: 1.0

vendor: oracle | model: real-time decision server | scope: eq | version: 11.1.1.9.0

Trust: 1.0

vendor: oracle | model: retail back office | scope: eq | version: 14.1

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 20.12.7

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: oracle | model: communications order and service management | scope: eq | version: 7.3

Trust: 1.0

vendor: oracle | model: retail point-of-service | scope: eq | version: 14.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.2.0.2.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.4.0.2.0

Trust: 1.0

vendor: oracle | model: agile plm | scope: eq | version: 9.3.6

Trust: 1.0

vendor: oracle | model: communications diameter intelligence hub | scope: lte | version: 8.2.3

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 19.0.2

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 16.0

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 17.0.4

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: enterprise repository | scope: eq | version: 11.1.1.7.0

Trust: 1.0

vendor: oracle | model: retail service backbone | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.5.0

Trust: 1.0

vendor: oracle | model: financial services analytical applications infrastructure | scope: gte | version: 8.0.6

Trust: 1.0

vendor: oracle | model: retail bulk data integration | scope: eq | version: 19.0.1

Trust: 1.0

vendor: oracle | model: communications diameter intelligence hub | scope: lte | version: 8.1.0

Trust: 1.0

vendor: oracle | model: retail eftlink | scope: eq | version: 20.0.1

Trust: 1.0

vendor: oracle | model: utilities framework | scope: gte | version: 4.3.0.1.0

Trust: 1.0

vendor: oracle | model: retail integration bus | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: retail extract transform and load | scope: eq | version: 13.2.8

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 14.1.3.2

Trust: 1.0

vendor: apache | model: ant | scope: lt | version: 1.9.16

Trust: 1.0

vendor: oracle | model: agile engineering data management | scope: eq | version: 6.2.1.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: eq | version: 4.2.0.3.0

Trust: 1.0

vendor: oracle | model: retail xstore point of service | scope: eq | version: 18.0.3

Trust: 1.0

vendor: oracle | model: retail invoice matching | scope: eq | version: 16.0.3

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 15.0.4.0

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 19.12.0

Trust: 1.0

vendor: oracle | model: retail advanced inventory planning | scope: eq | version: 15.0

Trust: 1.0

vendor: oracle | model: utilities framework | scope: lte | version: 4.3.0.6.0

Trust: 1.0

vendor: oracle | model: primavera unifier | scope: eq | version: 20.12

Trust: 1.0

vendor: oracle | model: retail financial integration | scope: eq | version: 16.0.3.0

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.0

Trust: 1.0

vendor: oracle | model: health sciences information manager | scope: lte | version: 3.0.5

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: lte | version: 17.12.11

Trust: 1.0

vendor: oracle | model: retail predictive application server | scope: eq | version: 14.1.3

Trust: 1.0

vendor: oracle | model: communications unified inventory management | scope: eq | version: 7.4.2

Trust: 1.0

vendor: oracle | model: primavera gateway | scope: gte | version: 17.12.0

Trust: 1.0

vendor: オラクル | model: oracle agile plm | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle retail advanced inventory planning | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle real-time decision server | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle communications unified inventory management | scope: - | version: -

Trust: 0.8

vendor: apache | model: ant | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle financial services analytical applications infrastructure | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle retail back office | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle insurance policy administration | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: primavera gateway | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: oracle enterprise repository | scope: - | version: -

Trust: 0.8

vendor: オラクル | model: primavera unifier | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36374
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36374
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-984
value: MEDIUM

Trust: 0.6

VULHUB: VHN-396550
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36374
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36374
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-396550
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36374
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-36374
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-130

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-984

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984

PATCH

title: Oracle Critical Patch Update Advisory - October 2021 | url: https://ant.apache.org/security.html

Trust: 0.8

title: Apache Ant Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqById.tag?id=178519

Trust: 0.6

title: Red Hat: CVE-2021-36374 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-36374

Trust: 0.1

title: IBM: Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections | url: https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=983cc8600f8f67fe35b9b5eebcf9b870

Trust: 0.1

title: Arch Linux Advisories: [ASA-202107-43] ant: denial of service | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=ASA-202107-43

Trust: 0.1

title: Arch Linux Issues: | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-36374 log

Trust: 0.1

sources: VULMON: CVE-2021-36374 // CNNVD: CNNVD-202107-984 // JVNDB: JVNDB-2021-010002

EXTERNAL IDS

db: NVD | id: CVE-2021-36374

Trust: 3.4

db: JVNDB | id: JVNDB-2021-010002

Trust: 0.8

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021072011

Trust: 0.6

db: CS-HELP | id: SB2022072096

Trust: 0.6

db: CS-HELP | id: SB2022042272

Trust: 0.6

db: CS-HELP | id: SB2022072042

Trust: 0.6

db: CS-HELP | id: SB2022011911

Trust: 0.6

db: CS-HELP | id: SB2022012324

Trust: 0.6

db: CS-HELP | id: SB2021101927

Trust: 0.6

db: CS-HELP | id: SB2022042546

Trust: 0.6

db: CS-HELP | id: SB2021071409

Trust: 0.6

db: AUSCERT | id: ESB-2023.1653

Trust: 0.6

db: CNNVD | id: CNNVD-202107-984

Trust: 0.6

db: CNVD | id: CNVD-2021-51428

Trust: 0.1

db: VULHUB | id: VHN-396550

Trust: 0.1

db: VULMON | id: CVE-2021-36374

Trust: 0.1

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 2.4

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 2.4

url:https://security.netapp.com/advisory/ntap-20210819-0007/

Trust: 1.8

url:https://ant.apache.org/security.html

Trust: 1.8

url:https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3cuser.ant.apache.org%3e

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.8

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.8

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3cdev.myfaces.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3cnotifications.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3ccommits.groovy.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3ccommits.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3cnotifications.groovy.apache.org%3e

Trust: 0.8

url:https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3cdev.myfaces.apache.org%3e

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-36374

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2021-36374

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042272

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.1653

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072042

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072096

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072011

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022042546

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071409

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022012324

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022011911

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021101927

Trust: 0.6

url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-october-2021-36677

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-ant-denial-of-service-via-zip-archive-length-parameter-36867

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6518994

Trust: 0.6

url:https://www.ibm.com/support/pages/node/6514441

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-apache-ant-used-by-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collec/

Trust: 0.1

sources: VULHUB: VHN-396550 // VULMON: CVE-2021-36374 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-984 // JVNDB: JVNDB-2021-010002 // NVD: CVE-2021-36374

SOURCES

db: VULHUB | id: VHN-396550
db: VULMON | id: CVE-2021-36374
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202107-984
db: JVNDB | id: JVNDB-2021-010002
db: NVD | id: CVE-2021-36374

LAST UPDATE DATE

2026-06-19T20:57:56.518000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-396550 | date: 2023-02-28T00:00:00
db: VULMON | id: CVE-2021-36374 | date: 2022-07-25T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202107-984 | date: 2023-03-21T00:00:00
db: JVNDB | id: JVNDB-2021-010002 | date: 2022-06-13T07:25:00
db: NVD | id: CVE-2021-36374 | date: 2026-06-17T03:58:46.193

SOURCES RELEASE DATE

db: VULHUB | id: VHN-396550 | date: 2021-07-14T00:00:00
db: VULMON | id: CVE-2021-36374 | date: 2021-07-14T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202107-984 | date: 2021-07-14T00:00:00
db: JVNDB | id: JVNDB-2021-010002 | date: 2022-06-13T00:00:00
db: NVD | id: CVE-2021-36374 | date: 2021-07-14T07:15:08.400