CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability

Vendor: Apache Software Foundation
Product: Apache Commons Compress
Weakness: CWE-834
Published: July 13, 2021
Last update: August 4, 2024

What the vulnerability does

Description

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Key dates

Disclosure timeline

July 13, 2021: CVE published
August 4, 2024: Record updated