Severity
High
Analysis Summary
CVE-2021-35515
Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw in the construction of the list of codecs that decompress an entry. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress’ sevenz package.
CVE-2021-35516
Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted 7Z archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress’ sevenz package.
CVE-2021-35517
Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress’ tar package.
CVE-2021-36090
Apache Commons Compress is vulnerable to a denial of service, caused by an out-of-memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause a denial of service condition against services that use Compress’ zip package.
CVE-2021-36373
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted TAR archive, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-36374
Apache Ant is vulnerable to a denial of service, caused by an out-of-memory error when allocating large amounts of memory. By persuading a victim to open a specially-crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
- Denial of Service
Affected Vendors
Apache
Affected Product
Apache Commons Compress 1.6
Apache Commons Compress 1.20
Apache Ant 1.9
Apache Ant 1.10.0
Remediation
Upgrade to the latest version of Apache Commons Compress (1.21 or later), Apache Ant (1.9.16, 1.10.11 or later).
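To find hosts that still need the upgrade, the following added example (not part of the original advisory or of any Apache tooling) audits a list of jar paths against the fixed versions named above. It assumes jars use the usual `<artifact>-<version>.jar` naming and treats every release older than the fixed one as needing an upgrade; the function names and sample paths are constructed for illustration.

```python
import re

# Fixed versions taken from the Remediation section of this advisory.
COMPRESS_FIXED = (1, 21)
ANT_FIXED = {(1, 9): (1, 9, 16), (1, 10): (1, 10, 11)}

# Assumption: jars follow the usual Maven naming, <artifact>-<version>.jar.
JAR_RE = re.compile(
    r"(?:^|[\\/])(commons-compress|ant)-(\d+(?:\.\d+)*)[^\\/]*\.jar$"
)


def parse_version(text):
    """Turn '1.10.11' into (1, 10, 11) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def needs_upgrade(artifact, version):
    """Return True when the version is older than the advisory's fixed release."""
    v = parse_version(version)
    if artifact == "commons-compress":
        return v < COMPRESS_FIXED
    # Ant has two release lines with separate fixed versions.
    branch = v[:2]
    if branch in ANT_FIXED:
        return v < ANT_FIXED[branch]
    # Assumption: lines older than 1.9 need an upgrade, newer lines are fixed.
    return branch < (1, 9)


def audit(paths):
    """Return (path, artifact, version) for each jar older than the fixed release."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if m and needs_upgrade(m.group(1), m.group(2)):
            findings.append((path, m.group(1), m.group(2)))
    return findings


# Constructed sample inventory (not from the advisory).
SAMPLE = [
    "app/lib/commons-compress-1.20.jar",
    "app/lib/commons-compress-1.21.jar",
    "build/ant-1.9.15.jar",
    "build/ant-1.10.11.jar",
]

if __name__ == "__main__":
    for path, artifact, version in audit(SAMPLE):
        print(f"UPGRADE {artifact} {version}: {path}")
```

Feed it the output of a file search for `*.jar` on build servers and application hosts; shaded or repackaged copies of these libraries will not be caught by filename matching.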