漏洞信息详情
Apache Commons Compress 安全漏洞
- CNNVD编号:CNNVD-202107-896 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-35515
- 漏洞类型: 其他
- 发布时间: 2021-07-13
- 威胁类型: 远程
- 更新时间: 2021-11-17
- 厂 商:
- 漏洞来源:
-
漏洞简介
Apache Commons Compress是美国阿帕奇(Apache)基金会的一个用于处理压缩文件的库。
Apache Commons Compress存在安全漏洞,该漏洞源于当读取一个特殊制作的7Z归档文件时,构造解码器列表来解压缩条目可能会导致无限循环。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
参考网址
来源:MLIST
链接:https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E
来源:MISC
链接:https://commons.apache.org/proper/commons-compress/security-reports.html
来源:MLIST
链接:https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2021/07/13/1
来源:MLIST
链接:https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E
来源:MISC
链接:https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20211022-0001/
来源:MLIST
链接:https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rbaea15ddc5a7c0c6b66660f1d6403b28595e2561bb283eade7d7cd69@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:MLIST
链接:https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-35515
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071408
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Commons-Compress-overload-via-7Z-36052
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2651
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021080809
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6516778
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021100411
受影响实体
暂无
补丁
- Apache Commons Compress 安全漏洞的修复措施<!--2021-7-13-->
还没有评论,来说两句吧...