DEBIAN-CVE-2021-36373

DEBIAN-CVE-2021-36373 PUBLISHED CVSS 5.5 MEDIUM

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:14	ant	0, 0, 0
Debian:13	ant	0, 0, 0
Debian:12	ant	0, 0, 0
Debian:11	ant	1.10.13-1, 1.10.13-2, 1.10.14-1

Timeline

Jul 14, 2021 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2021-36373 advisory

Open in Interactive Console →