CVE-2021-45931

Опубликовано: 01 янв. 2022

Источник: nvd

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
Exploit
Issue Tracking
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
Exploit
Third Party Advisory
https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EAIZKL4O67FN2CWJYHYKZEMNYWNWO3D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5A7TCR2MY46YK3NHQZB3SLESUH354IEA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DI6247WOAKB46CZZ6SCDSJVWWCW3GMZH/
https://security.gentoo.org/glsa/202209-11
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425
Exploit
Issue Tracking
Third Party Advisory
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml
Exploit
Third Party Advisory
https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EAIZKL4O67FN2CWJYHYKZEMNYWNWO3D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5A7TCR2MY46YK3NHQZB3SLESUH354IEA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DI6247WOAKB46CZZ6SCDSJVWWCW3GMZH/
https://security.gentoo.org/glsa/202209-11
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:harfbuzz_project:harfbuzz:2.9.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00769

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2021-45931

CVSS3: 6.5

ubuntu

около 4 лет назад

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

CVE-2021-45931

CVSS3: 6.3

redhat

около 4 лет назад

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

CVE-2021-45931

CVSS3: 6.5

debian

около 4 лет назад

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t:: ...

GHSA-77w9-6m5g-vpj2

CVSS3: 6.5

github

около 4 лет назад

HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t<hb_bit_set_invertible_t>::set and hb_set_copy).

EPSS

Процентиль: 73%

0.00769

Низкий

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-787