Improper Handling of Length Parameter Inconsistency

CVE-2021-36373

Medium

5.5/10

Summary

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-130 - Improper Handling of Length Parameter Inconsistency

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

References

Advisory
Advisory
Mail Thread

Advisory Timeline

Published Jul 14, 2021

Improper Handling of Length Parameter Inconsistency

CVE-2021-36373

Summary

CWE-130 - Improper Handling of Length Parameter Inconsistency

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS