Vulnerability Database

309,961

Total vulnerabilities in the database

CVE-2021-35515

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package.

Published: Jul 13, 2021
Updated: Nov 16, 2025
CVE: CVE-2021-35515
GHSA: GHSA-7hfm-57qf-j43q
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Affected Software
References

Software	From	Fixed in
apache / commons_compress	1.6	1.20.x
oracle / flexcube_universal_banking	12.4.0	12.4.0.x
oracle / business_process_management_suite	12.2.1.3.0	12.2.1.3.0.x
oracle / peoplesoft_enterprise_peopletools	8.57	8.57.x
oracle / primavera_unifier	18.8	18.8.x
oracle / primavera_unifier	17.7	17.12.x
oracle / banking_digital_experience	19.1	19.1.x
oracle / flexcube_universal_banking	14.0.0	14.3.0.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / primavera_unifier	19.12	19.12.x
oracle / banking_digital_experience	20.1	20.1.x
oracle / primavera_unifier	20.12	20.12.x
oracle / business_process_management_suite	12.2.1.4.0	12.2.1.4.0.x
oracle / communications_messaging_server	8.1	8.1.x
oracle / commerce_guided_search	11.3.2	11.3.2.x
oracle / peoplesoft_enterprise_peopletools	8.59	8.59.x
oracle / insurance_policy_administration	11.3.0	11.3.0.x
oracle / insurance_policy_administration	11.0.2	11.0.2.x
oracle / financial_services_enterprise_case_management	8.0.8.1.0	8.0.8.1.0.x
oracle / financial_services_enterprise_case_management	8.0.7.2.0	8.0.7.2.0.x
oracle / healthcare_data_repository	8.1.0	8.1.0.x
oracle / communications_session_route_manager	8.0.0	8.2.5.x
oracle / banking_party_management	2.7.0	2.7.0.x
oracle / utilities_testing_accelerator	6.0.0.2.2	6.0.0.2.2.x
oracle / utilities_testing_accelerator	6.0.0.3.1	6.0.0.3.1.x
oracle / utilities_testing_accelerator	6.0.0.1.1	6.0.0.1.1.x
oracle / banking_digital_experience	21.1	21.1.x
oracle / communications_cloud_native_core_unified_data_repository	1.14.0	1.14.0.x
oracle / communications_cloud_native_core_service_communication_proxy	1.14.0	1.14.0.x
oracle / communications_cloud_native_core_automated_test_suite	1.8.0	1.8.0.x
oracle / communications_billing_and_revenue_management	12.0.0.4	12.0.0.4.x
oracle / insurance_policy_administration	11.1.0	11.1.0.x
oracle / insurance_policy_administration	11.3.1	11.3.1.x
oracle / banking_enterprise_default_management	2.7.0	2.7.0.x
oracle / banking_digital_experience	18.1	18.3.x
oracle / insurance_policy_administration	11.2.8	11.2.8.x
oracle / banking_payments	14.5	14.5.x
oracle / banking_trade_finance	14.5	14.5.x
oracle / banking_treasury_management	14.5	14.5.x
oracle / flexcube_universal_banking	14.5.0	14.5.0.x
oracle / communications_diameter_intelligence_hub	8.0.0	8.2.3.x
oracle / financial_services_crime_and_compliance_management_studio	8.0.8.2.0	8.0.8.2.0.x
oracle / financial_services_crime_and_compliance_management_studio	8.0.8.3.0	8.0.8.3.0.x
org.apache.commons / commons-compress	-	1.21

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo