漏洞信息详情
Apache Commons Compress 安全漏洞
- CNNVD编号:CNNVD-202107-899 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2021-36090
- 漏洞类型: 其他
- 发布时间: 2021-07-13
- 威胁类型: 远程
- 更新时间: 2021-12-01
- 厂 商:
- 漏洞来源:
-
漏洞简介
Apache Commons Compress是美国阿帕奇(Apache)基金会的一个用于处理压缩文件的库。
Apache Commons Compress 存在安全漏洞,该漏洞源于当读取特殊设计的ZIP归档文件时,Compress可以分配大量内存,从而导致小输入出现内存不足错误。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
参考网址
来源:MLIST
链接:https://lists.apache.org/thread.html/rd4332baaf6debd03d60deb7ec93bee49e5fdbe958cb6800dff7fb00e@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rbbf42642c3e4167788a7c13763d192ee049604d099681f765385d99d@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rf3f0a09fee197168a813966c5816157f6c600a47313a0d6813148ea6@%3Cissues.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rfba19167efc785ad3561e7ef29f340d65ac8f0d897aed00e0731e742@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r54049b66afbca766b6763c7531e9fe7a20293a112bcb65462a134949@%3Ccommits.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rf93b6bb267580e01deb7f3696f7eaca00a290c66189a658cf7230a1a@%3Cissues.drill.apache.org%3E
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2021/07/13/6
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2021/07/13/4
来源:MISC
链接:https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rab292091eadd1ecc63c516e9541a7f241091cf2e652b8185a6059945@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r75ffc7a461e7e7ae77690fa75bd47bb71365c732e0fbcc44da4f8ff5@%3Cdev.tomcat.apache.org%3E
来源:CONFIRM
链接:https://security.netapp.com/advisory/ntap-20211022-0001/
来源:MLIST
链接:https://lists.apache.org/thread.html/rbe91c512c5385181149ab087b6c909825d34299f5c491c6482a2ed57@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r9f54c0caa462267e0cc68b49f141e91432b36b23348d18c65bd0d040@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r9a23d4dbf4e34d498664080bff59f2893b855eb16dae33e4aa92fa53@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r3227b1287e5bd8db6523b862c22676b046ad8f4fc96433225f46a2bd@%3Cissues.drill.apache.org%3E
来源:MISC
链接:https://commons.apache.org/proper/commons-compress/security-reports.html
来源:MLIST
链接:https://lists.apache.org/thread.html/rb5fa2ee61828fa2e42361b58468717e84902dd71c4aea8dc0b865df7@%3Cnotifications.james.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rf2f4d7940371a7c7c5b679f50e28fc7fcc82cd00670ced87e013ac88@%3Ccommits.druid.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/racd0c0381c8404f298b226cd9db2eaae965b14c9c568224aa3f437ae@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rb7adf3e55359819e77230b4586521e5c6874ce5ed93384bdc14d6aee@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r25f4c44616045085bc3cf901bb7e68e445eee53d1966fc08998fc456@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r4f03c5de923e3f2a8c316248681258125140514ef3307bfe1538e1ab@%3Cdev.drill.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r67ef3c07fe3b8c1b02d48012149d280ad6da8e4cec253b527520fb2b@%3Cdev.poi.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38@%3Cuser.ant.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rba65ed5ddb0586f5b12598f55ec7db3633e7b7fede60466367fbf86a@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rb064d705fdfa44b5dae4c366b369ef6597951083196321773b983e71@%3Ccommits.pulsar.apache.org%3E
来源:MISC
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:MLIST
链接:https://lists.apache.org/thread.html/rb6e1fa80d34e5ada45f72655d84bfd90db0ca44ef19236a49198c88c@%3Cnotifications.skywalking.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/r0e87177f8e78b4ee453cd4d3d8f4ddec6f10d2c27707dd71e12cafc9@%3Cannounce.apache.org%3E
来源:MLIST
链接:https://lists.apache.org/thread.html/rc7df4c2f0bbe2028a1498a46d322c91184f7a369e3e4c57d9518cacf@%3Cdev.drill.apache.org%3E
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6492617
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6516470
来源:www.oracle.com
链接:https://www.oracle.com/security-alerts/cpuoct2021.html
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Apache-Commons-Compress-denial-of-service-via-ZIP-36055
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021080809
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6489683
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6501221
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6492217
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6507013
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3397
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071408
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6509702
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6519948
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.2651
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6514411
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6482503
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6516776
来源:access.redhat.com
链接:https://access.redhat.com/security/cve/cve-2021-36090
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2021.3130
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021100411
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/6498141
受影响实体
暂无
补丁
- Apache Commons Compress 资源管理错误漏洞的修复措施<!--2021-7-13-->
还没有评论,来说两句吧...