CVE-2021-36373
Improper Handling of Length Parameter Inconsistency in Apache Ant
CVSS 3.1: 5.5 (MEDIUM)
EPSS: 0.10%
Description
When reading a specially crafted TAR archive, an Apache Ant build can be made to allocate large amounts of memory, which eventually leads to an out-of-memory error, even for small inputs. This can be used to disrupt builds that use Apache Ant. Apache Ant versions prior to 1.9.16 and 1.10.11 are affected.
How to fix CVE-2021-36373
To remediate CVE-2021-36373, upgrade the affected package to a fixed version below.
- —no fix listed
- —upgrade to 1.9.16 or later
Is CVE-2021-36373 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0
- from 0, < 1.9.16
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |