[ASA-202107-43] ant: denial of service
diabonas at archlinux.org
Tue Jul 20 19:31:00 UTC 2021
Arch Linux Security Advisory ASA-202107-43
Date : 2021-07-20
CVE-ID : CVE-2021-36373 CVE-2021-36374
Package : ant
Type : denial of service
Remote : No
Link : https://security.archlinux.org/AVG-2151
The package ant before version 1.10.11-1 is vulnerable to denial of

Upgrade to 1.10.11-1.

# pacman -Syu "ant>=1.10.11-1"

The problems have been fixed upstream in version 1.10.11.

- CVE-2021-36373 (denial of service)

When reading a specially crafted TAR archive, Apache Ant before version
1.10.11 can be made to allocate large amounts of memory that finally
leads to an out of memory error, even for small inputs. This can be
used to disrupt builds using Apache Ant.

- CVE-2021-36374 (denial of service)

When reading a specially crafted ZIP archive, or a derived format,
Apache Ant before version 1.10.11 can be made to allocate large amounts
of memory that leads to an out of memory error, even for small inputs.
This can be used to disrupt builds using Apache Ant.

A crafted TAR or ZIP archive could consume large amounts of memory,
leading to denial of service.