CVE-2021-36374 related to Ant version in Oracle Utilities Network Management System (NMS)
(Doc ID 2976500.1)
Last updated on NOVEMBER 06, 2023
Applies to:
Oracle Network Management for Utilities - DMS - Version 2.3.0.2.0 to 2.4.0.1.0 [Release 2.3 to 2.4]Oracle Utilities Network Management System - Version 2.3.0.2.0 to 2.4.0.1.0 [Release 2.3 to 2.4]
Information in this document applies to any platform.
Purpose
Apache Ant security advisory CVE-2021-36374 and impact to Oracle Utilities Network Management System (NMS)
Scope
NMS versions impacted:
Releases 2.3.0.2x and 2.4.0.1x.
This does not impact the latest NMS 2.5.0 and 2.6 releases.
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Questions and Answers
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Purpose |
| Scope |
| Questions and Answers |
| Details |
| References |