CVE-2021-35516 - Denial of Service

Severity: Low

2021-08-25


Abstract

When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Affected Products/Versions

Product | Severity | Fixed Release Availability
Oxygen XML Editor 23.1 and older versions | Low | Oxygen XML Editor 23.1 build 2021082307
Oxygen XML Developer 23.1 and older versions | Low | Oxygen XML Developer 23.1 build 2021082307
Oxygen XML Author 23.1 and older versions | Low | Oxygen XML Author 23.1 build 2021082307
Oxygen Content Fusion v4.1 and older | Low | Oxygen Content Fusion 4.1.2 build 2021112414

Mitigation

None

Detail

CVE-2021-35516

Severity: High

CVSS Score: 7.5

The version of the Apache Commons Compress package used by Oxygen XML software products is one of the affected versions listed in the CVE-2021-35516 vulnerability description.

Starting with version 23.1 build 2021082307, the Apache Commons Compress package was updated to version 1.21, which includes a fix for this vulnerability.
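Because the only remedy this advisory gives is the updated Apache Commons Compress 1.21, the first thing a defender wants to confirm is which Commons Compress version is actually on disk in a given installation. The following script is an added example, not code from Oxygen or from the Apache Commons project: it walks an install directory (the path is a placeholder, since the advisory names no file locations), finds commons-compress jars, reads the Implementation-Version or Bundle-Version attribute from each jar's META-INF/MANIFEST.MF (falling back to the version in the file name), and reports whether each one is at or above 1.21. The sample jars it builds for demonstration are constructed in memory and contain only a manifest.

```python
"""Report whether bundled Apache Commons Compress jars are at or above the
fixed release (1.21) named in the advisory for CVE-2021-35516.

Added example, not Oxygen's or Apache's code. Assumes the jars carry a
Maven-style Implementation-Version (or OSGi Bundle-Version) manifest
attribute; install paths are placeholders."""
import io
import os
import re
import zipfile
from typing import List, Optional, Tuple

FIXED_VERSION = (1, 21)  # first Commons Compress release containing the fix
JAR_NAME_RE = re.compile(r"commons-compress-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.21' or '1.21.0-SNAPSHOT' into a tuple of ints that compares numerically."""
    match = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(0).split("."))


def manifest_version(jar_bytes: bytes) -> Optional[str]:
    """Read the version from META-INF/MANIFEST.MF, preferring Implementation-Version."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        try:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None  # jar has no manifest
    # Manifest continuation lines begin with a single space; join them first.
    manifest = manifest.replace("\r\n", "\n").replace("\n ", "")
    found = {}
    for line in manifest.split("\n"):
        key, sep, value = line.partition(":")
        if sep and key.strip() in ("Implementation-Version", "Bundle-Version"):
            found[key.strip()] = value.strip()
    return found.get("Implementation-Version") or found.get("Bundle-Version")


def is_fixed(version: str) -> bool:
    """True when the version is 1.21 or later."""
    return parse_version(version) >= FIXED_VERSION


def check_jar(jar_bytes: bytes, filename: str) -> Tuple[Optional[str], bool]:
    """Return (version found or None, whether it is >= 1.21).

    An unknown version is reported as not fixed so it is not silently passed."""
    version = manifest_version(jar_bytes)
    if version is None:
        match = JAR_NAME_RE.search(filename)
        version = match.group(1) if match else None
    if version is None:
        return None, False
    return version, is_fixed(version)


def scan_directory(root: str) -> List[Tuple[str, Optional[str], bool]]:
    """Walk a product install (placeholder path) and report every commons-compress jar."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.startswith("commons-compress") and name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    version, ok = check_jar(fh.read(), name)
                findings.append((path, version, ok))
    return findings


def build_fake_jar(version: str, with_manifest: bool = True) -> bytes:
    """Constructed sample jar (manifest only) used to demonstrate the checks."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        if with_manifest:
            jar.writestr(
                "META-INF/MANIFEST.MF",
                "Manifest-Version: 1.0\r\n"
                f"Implementation-Version: {version}\r\n",
            )
        else:
            jar.writestr("placeholder.txt", "")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed demonstration; replace with scan_directory("/path/to/oxygen/lib").
    for name, ver in (("commons-compress-1.20.jar", "1.20"), ("commons-compress-1.21.jar", "1.21")):
        found, ok = check_jar(build_fake_jar(ver), name)
        print(f"{name}: version {found}, {'fixed' if ok else 'VULNERABLE'}")
```

Run `scan_directory` against the product's library directory; any entry reported with `False` (including a jar whose version could not be determined) should be updated to the build listed in the table above. The manifest is checked before the file name because a jar can be renamed but its manifest normally still records the version it was built from.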

Revision History

2021-12-07 Starting with Oxygen Content Fusion version 4.1 build 2021112414, the Apache Commons Compress package was updated to version 1.21, which includes a fix for this vulnerability.
