CVE-2021-36373

Improper Handling of Length Parameter Inconsistency in Apache Ant

Description

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Patch Available

Fix available through Seal Security.  
No upgrade required, protect your application instantly.

Fix without upgrading

Score

5.5

Severity

Medium

Ecosystem

Java

Publish Date

August 2, 2021

Modified Date

February 19, 2024

Score Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Versions