CVE-2021-38441

Опубликовано: 05 мая 2022

Источник: debian

Описание

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cyclonedds	fixed	0.8.1-2		package
cyclonedds	no-dsa		bullseye	package

Примечания

No mention of CVE upstream
https://projects.eclipse.org/projects/iot.cyclonedds
https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02

Связанные уязвимости

CVE-2021-38441

CVSS3: 6.6

ubuntu

почти 4 года назад

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

CVE-2021-38441

CVSS3: 6.6

nvd

почти 4 года назад

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.

GHSA-9v3v-pqhw-3fhr

CVSS3: 9.8

github

почти 4 года назад

Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser.