CVE-2021-36090 in JDeveloperinfo

Summary

When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

07/01/2021

Disclosure

07/13/2021

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
251173	Oracle JDeveloper denial of service	404	Not defined	Official fix	CVE-2021-36090
234857	Oracle Business Intelligence Enterprise Edition Installation denial of service	404	Not defined	Official fix	CVE-2021-36090
234800	Oracle Enterprise Data Quality General denial of service	404	Not defined	Official fix	CVE-2021-36090
226580	Oracle Business Intelligence Enterprise Edition Content Storage Service denial of service	404	Not defined	Official fix	CVE-2021-36090
226549	Oracle WebLogic Server Third Party denial of service	404	Not defined	Official fix	CVE-2021-36090
226481	Oracle Financial Services Revenue Management and Billing Infrastructure denial of service	404	Not defined	Official fix	CVE-2021-36090
226322	Oracle Blockchain Platform BCS Console denial of service	404	Not defined	Official fix	CVE-2021-36090
218729	Oracle Middleware Common Libraries and Tools Third Party Patch denial of service	404	Not defined	Official fix	CVE-2021-36090
211543	Oracle Business Intelligence Enterprise Edition Analytics Web ADF Integration denial of service	404	Not defined	Official fix	CVE-2021-36090
204334	Oracle Financial Services Crime and Compliance Management Studio denial of service	404	Not defined	Official fix	CVE-2021-36090
198063	Oracle Insurance Policy Administration Architecture denial of service	404	Not defined	Official fix	CVE-2021-36090
198034	Oracle Healthcare Data Repository FHIR Commandline denial of service	404	Not defined	Official fix	CVE-2021-36090
197996	Oracle WebCenter Portal Security denial of service	404	Not defined	Official fix	CVE-2021-36090
197946	Oracle FLEXCUBE Universal Banking Infrastructure denial of service	404	Not defined	Official fix	CVE-2021-36090
197944	Oracle Banking Treasury Management Infrastructure denial of service	404	Not defined	Official fix	CVE-2021-36090
197942	Oracle Banking Trade Finance Infrastructure denial of service	404	Not defined	Official fix	CVE-2021-36090
197941	Oracle Banking Payments Infrastructure denial of service	404	Not defined	Official fix	CVE-2021-36090
197827	Oracle Communications Diameter Intelligence Hub Integrated DIH denial of service	404	Not defined	Official fix	CVE-2021-36090
197741	Oracle Communications Billing and Revenue Management Billing Care denial of service	404	Not defined	Official fix	CVE-2021-36090
191217	Oracle Utilities Testing Accelerator Tools denial of service	404	Not defined	Official fix	CVE-2021-36090
190975	Oracle Business Process Management Suite Installer denial of service	404	Not defined	Official fix	CVE-2021-36090
190942	Oracle Banking Party Management Web UI denial of service	404	Not defined	Official fix	CVE-2021-36090
190941	Oracle Banking Enterprise Default Management Collections denial of service	404	Not defined	Official fix	CVE-2021-36090
190939	Oracle Banking Digital Experience Framework denial of service	404	Not defined	Official fix	CVE-2021-36090
190936	Oracle Banking APIs Framework denial of service	404	Not defined	Official fix	CVE-2021-36090
190822	Oracle Communications Cloud Native Core Unified Data Repository UDR denial of service	404	Not defined	Official fix	CVE-2021-36090
190821	Oracle Communications Cloud Native Core Service Communication Proxy SCP denial of service	404	Not defined	Official fix	CVE-2021-36090
190782	Oracle Communications Unified Inventory Management Inventory Organizer denial of service	404	Not defined	Official fix	CVE-2021-36090
190756	Oracle Commerce Guided Search Content Acquisition System denial of service	404	Not defined	Official fix	CVE-2021-36090
184988	Oracle PeopleSoft Enterprise PeopleTools Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184807	Oracle Financial Services Enterprise Case Management Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184806	Oracle Financial Services Analytical Applications Infrastructure Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184804	Oracle Banking Platform Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184749	Oracle Primavera Unifier Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184748	Oracle Primavera Gateway Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184724	Oracle Communications Session Route Manager Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184721	Oracle Communications Session Report Manager Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184712	Oracle Communications Element Manager Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
184658	Oracle Communications Messaging Server Apache Commons Compress denial of service	404	Not defined	Official fix	CVE-2021-36090
178443	Apache Commons Compress ZIP Archive denial of service	404	Not defined	Not defined	CVE-2021-36090

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!