CVE-2021-36090
high-risk
Published 2021-07-13
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package.
Do I need to act?
-
0.59% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Commons Compress
Banking Apis
Banking Apis
Banking Apis
Banking Apis
Banking Apis
Banking Party Management
References (68)
and 48 more references
56
/ 100
high-risk
Severity
26/34 · High
Exploitability
2/34 · Minimal
Exposure
28/34 · Critical