CVE-2021-21826

Опубликовано: 20 авг. 2021

Источник: nvd

CVSS3: 8.1

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:att:xmill:0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00459

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

CWE-787

Связанные уязвимости

GHSA-37p7-4jpq-5264

CVSS3: 9.8

github

больше 3 лет назад

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.

BDU:2023-03274

CVSS3: 8.1

fstec

больше 4 лет назад

Уязвимость функции DecodeTreeBlock инструмент сжатия XML-данных Xmill, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 64%

0.00459

Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-120

CWE-787