CVE-2021-29097

Опубликовано: 25 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 (and earlier) and ArcGIS Pro 2.7 (and earlier) allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

Ссылки

https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-360/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-363/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-364/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-365/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-367/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-368/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-369/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-371/
Third Party Advisory
VDB Entry
https://www.esri.com/arcgis-blog/products/arcgis/administration/security-advisory-general-raster/
Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-21-360/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-363/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-364/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-365/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-367/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-368/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-369/
Third Party Advisory
VDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-21-371/
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:esri:arcgis_engine:*:*:*:*:*:*:*:*

Версия до 10.8.1 (включая)

cpe:2.3:a:esri:arcgis_pro:*:*:*:*:*:*:*:*

Версия до 2.7 (включая)

cpe:2.3:a:esri:arcmap:*:*:*:*:*:*:*:*

Версия до 10.8.1 (включая)

cpe:2.3:a:esri:arcreader:*:*:*:*:*:*:*:*

Версия до 10.8.1 (включая)

EPSS

Процентиль: 63%

0.00441

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-121

CWE-119

Связанные уязвимости

GHSA-wr7p-7f4r-37fr

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 63%

0.00441

Низкий

7.8 High

CVSS3

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-121

CWE-119