CVE-2021-36373

CVE-2021-36373: Apache Ant TAR archive denial of service vulnerability

Vendor Apache Software Foundation

Product Apache Ant

Weakness CWE-130

Published July 14, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Key dates

Disclosure timeline

July 14, 2021 CVE published

August 4, 2024 Record updated

Identifiers

CVE CVE-2021-36373

CWE CWE-130

Affected versions

Vendor Apache Software Foundation

Product Apache Ant

Affected ≥ Apache Ant 1.9.x and ≤ 1.9.15

Vendor Apache Software Foundation

Product Apache Ant

Affected ≥ Apache Ant 1.10.x and ≤ 1.10.10