CVE-2021-35515 - Denial of Service
Severity: Low
2021-08-25
Abstract
When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use the Compress sevenz package.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen XML Editor 23.1 and older versions | Low | Oxygen XML Editor 23.1 build 2021082307 |
Oxygen XML Developer 23.1 and older versions | Low | Oxygen XML Developer 23.1 build 2021082307 |
Oxygen XML Author 23.1 and older versions | Low | Oxygen XML Author 23.1 build 2021082307 |
Oxygen Content Fusion v4.1 and older | Low | Oxygen Content Fusion 4.1.2 build 2021112414 |
Detail
CVE-2021-35515
Severity: High
CVSS Score: 7.5
The version of the Apache Commons Compress package used by Oxygen XML software products is one of the affected versions mentioned in the CVE-2021-35515 vulnerability description.
Starting with version 23.1 build 2021082307, the Apache Commons Compress package was updated to version 1.21, which includes a fix for this vulnerability.