Vulnerabilities > CVE-2021-35515 - Infinite Loop vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
apache
netapp
oracle
CWE-835

Summary

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Vulnerable Configurations

Part Description Count
Application
Apache
17
Application
Netapp
4
Application
Oracle
64
OS
Oracle
1

References