When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HApache Commons Compress
APPApache1.6 – 1.20Netapp Active Iq Unified Manager
APPNetappwszystkie wersjeNetapp Oncommand Insight
APPNetappwszystkie wersjeOracle Banking Digital Experience
APPOracle19.120.121.118.1 – 18.3Oracle Banking Enterprise Default Management
APPOracle2.7.0Oracle Banking Party Management
APPOracle2.7.0Oracle Banking Payments
APPOracle14.5Oracle Banking Trade Finance
APPOracle14.5Oracle Banking Treasury Management
APPOracle14.5Oracle Business Process Management Suite
APPOracle12.2.1.3.012.2.1.4.0Oracle Commerce Guided Search
APPOracle11.3.2Oracle Communications Billing And Revenue Management
APPOracle12.0.0.4Oracle Communications Cloud Native Core Automated Test Suite
APPOracle1.8.0Oracle Communications Cloud Native Core Service Communication Proxy
APPOracle1.14.0Oracle Communications Cloud Native Core Unified Data Repository
APPOracle1.14.0Oracle Communications Diameter Intelligence Hub
APPOracle8.0.0 – 8.2.3Oracle Communications Messaging Server
OSOracle8.1Oracle Communications Session Route Manager
APPOracle8.0.0 – 8.2.5Oracle Financial Services Crime And Compliance Management Studio
APPOracle8.0.8.2.08.0.8.3.0Oracle Financial Services Enterprise Case Management
APPOracle8.0.7.2.08.0.8.1.0Oracle Flexcube Universal Banking
APPOracle12.4.014.5.014.0.0 – 14.3.0Oracle Healthcare Data Repository
APPOracle8.1.0Oracle Insurance Policy Administration
APPOracle11.0.211.1.011.2.811.3.011.3.1Oracle Peoplesoft Enterprise Peopletools
APPOracle8.578.588.59Oracle Primavera Unifier
APPOracle18.819.1220.1217.7 – 17.12Oracle Utilities Testing Accelerator
APPOracle6.0.0.1.16.0.0.2.26.0.0.3.1
Related vulnerabilities
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...