CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2021-20024 (GCVE-0-2021-20024)
Vulnerability from cvelistv5 – Published: 2021-07-09 21:25 – Updated: 2024-08-03 17:30
VLAI
Summary
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
Severity
No CVSS data available.
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://psirt.global.sonicwall.com/vuln-detail/SN… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SonicWall | SonicWall Switch |
Affected:
1.0.0.5-16 and earlier
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SonicWall Switch",
"vendor": "SonicWall",
"versions": [
{
"status": "affected",
"version": "1.0.0.5-16 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T21:25:09.000Z",
"orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"shortName": "sonicwall"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT@sonicwall.com",
"ID": "CVE-2021-20024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SonicWall Switch",
"version": {
"version_data": [
{
"version_value": "1.0.0.5-16 and earlier"
}
]
}
}
]
},
"vendor_name": "SonicWall"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011",
"refsource": "CONFIRM",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0011"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
"assignerShortName": "sonicwall",
"cveId": "CVE-2021-20024",
"datePublished": "2021-07-09T21:25:09.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20177 (GCVE-0-2021-20177)
Vulnerability from cvelistv5 – Published: 2021-05-26 20:48 – Updated: 2024-08-03 17:30
VLAI
Summary
A flaw was found in the Linux kernel's implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1914719 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914719"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "kernel",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "kernel 5.5-rc1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T20:48:25.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914719"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "kernel 5.5-rc1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel\u0027s implementation of string matching within a packet. A privileged user (with root or CAP_NET_ADMIN) when inserting iptables rules could insert a rule which can panic the system. Kernel before kernel 5.5-rc1 is affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1914719",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914719"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20177",
"datePublished": "2021-05-26T20:48:25.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20221 (GCVE-0-2021-20221)
Vulnerability from cvelistv5 – Published: 2021-05-13 15:34 – Updated: 2024-08-03 17:30
VLAI
Summary
An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario.
Severity
No CVSS data available.
CWE
- CWE-125 - >CWE-787
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2021/02/05/1 | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=1924601 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021070… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2022… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.645Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "qemu",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "up to, including qemu 4.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds heap buffer access issue was found in the ARM Generic Interrupt Controller emulator of QEMU up to and including qemu 4.2.0on aarch64 platform. The issue occurs because while writing an interrupt ID to the controller memory area, it is not masked to be 4 bits wide. It may lead to the said issue while updating controller state fields and their subsequent processing. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125-\u003eCWE-787",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-05T05:06:40.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20210205 CVE-2021-20221 QEMU: aarch64: GIC: out-of-bound heap buffer access via an interrupt ID field",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/05/1"
},
{
"name": "[debian-lts-announce] 20210218 [SECURITY] [DLA 2560-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00024.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1924601"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0005/"
},
{
"name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20221",
"datePublished": "2021-05-13T15:34:48.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20254 (GCVE-0-2021-20254)
Vulnerability from cvelistv5 – Published: 2021-05-05 13:36 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity.
Severity
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1949442 | x_refsource_MISC |
| https://www.samba.org/samba/security/CVE-2021-202… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2021043… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202105-22 | vendor-advisoryx_refsource_GENTOO |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.017Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949442"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2021-20254.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210430-0001/"
},
{
"name": "FEDORA-2021-1d0807008b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/"
},
{
"name": "FEDORA-2021-7026246ea9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/"
},
{
"name": "GLSA-202105-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-22"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-29T12:06:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949442"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.samba.org/samba/security/CVE-2021-20254.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security.netapp.com/advisory/ntap-20210430-0001/"
},
{
"name": "FEDORA-2021-1d0807008b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/"
},
{
"name": "FEDORA-2021-7026246ea9",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/"
},
{
"name": "GLSA-202105-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-22"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in samba. The Samba smbd file server must map Windows group identities (SIDs) into unix group ids (gids). The code that performs this had a flaw that could allow it to read data beyond the end of the array in the case where a negative cache entry had been added to the mapping cache. This could cause the calling code to return those values into the process token that stores the group membership for a user. The highest threat from this vulnerability is to data confidentiality and integrity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1949442",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949442"
},
{
"name": "https://www.samba.org/samba/security/CVE-2021-20254.html",
"refsource": "MISC",
"url": "https://www.samba.org/samba/security/CVE-2021-20254.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210430-0001/",
"refsource": "MISC",
"url": "https://security.netapp.com/advisory/ntap-20210430-0001/"
},
{
"name": "FEDORA-2021-1d0807008b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/"
},
{
"name": "FEDORA-2021-7026246ea9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/"
},
{
"name": "GLSA-202105-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-22"
},
{
"name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20254",
"datePublished": "2021-05-05T13:36:32.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.017Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20266 (GCVE-0-2021-20266)
Vulnerability from cvelistv5 – Published: 2021-04-30 11:22 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1927741 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202107-43 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rpm",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "rpm 4.17.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-20T10:07:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-43"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rpm",
"version": {
"version_data": [
{
"version_value": "rpm 4.17.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927741"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
},
{
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
"refsource": "MISC",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
},
{
"name": "GLSA-202107-43",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-43"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20266",
"datePublished": "2021-04-30T11:22:49.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20277 (GCVE-0-2021-20277)
Vulnerability from cvelistv5 – Published: 2021-05-12 13:54 – Updated: 2024-08-03 17:37
VLAI
Summary
A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://security.netapp.com/advisory/ntap-2021032… | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2021/dsa-4884 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://bugzilla.redhat.com/show_bug.cgi?id=1941402 | x_refsource_MISC |
| https://www.samba.org/samba/security/CVE-2021-202… | x_refsource_MISC |
| https://security.gentoo.org/glsa/202105-22 | vendor-advisoryx_refsource_GENTOO |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:24.134Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
},
{
"name": "FEDORA-2021-c2d8628d33",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
},
{
"name": "DSA-4884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4884"
},
{
"name": "FEDORA-2021-1a8e93a285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
},
{
"name": "FEDORA-2021-c93a3a5d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
},
{
"name": "GLSA-202105-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202105-22"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "samba",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-26T11:08:41.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
},
{
"name": "FEDORA-2021-c2d8628d33",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
},
{
"name": "DSA-4884",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4884"
},
{
"name": "FEDORA-2021-1a8e93a285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
},
{
"name": "FEDORA-2021-c93a3a5d3f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
},
{
"name": "GLSA-202105-22",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202105-22"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "samba 4.14.1, samba 4.13.6, samba 4.12.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Samba\u0027s libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LDAP server process handling the request. The highest threat from this vulnerability is to system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20210326-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210326-0007/"
},
{
"name": "FEDORA-2021-c2d8628d33",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X5J3B6PN5XMXF3OHYBNHDKZ3XFSUGY4L/"
},
{
"name": "[debian-lts-announce] 20210331 [SECURITY] [DLA 2611-1] ldb security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00036.html"
},
{
"name": "DSA-4884",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4884"
},
{
"name": "FEDORA-2021-1a8e93a285",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXP3ONIY6MB4C5LDZV4YL5KJCES3UX24/"
},
{
"name": "FEDORA-2021-c93a3a5d3f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VLZ74IF2N75VQSIHBL4B3P5WKWQCXSRY/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941402"
},
{
"name": "https://www.samba.org/samba/security/CVE-2021-20277.html",
"refsource": "MISC",
"url": "https://www.samba.org/samba/security/CVE-2021-20277.html"
},
{
"name": "GLSA-202105-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202105-22"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20277",
"datePublished": "2021-05-12T13:54:05.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:24.134Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20295 (GCVE-0-2021-20295)
Vulnerability from cvelistv5 – Published: 2022-04-01 22:17 – Updated: 2024-08-03 17:37
VLAI
Summary
It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1944075 | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2020-10756 | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022051… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:37:23.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "QEMU",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "qemu-kvm 4.2.0-34"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-19T19:06:23.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2021-20295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QEMU",
"version": {
"version_data": [
{
"version_value": "qemu-kvm 4.2.0-34"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944075"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2020-10756",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/CVE-2020-10756"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220519-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220519-0003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-20295",
"datePublished": "2022-04-01T22:17:46.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:37:23.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21034 (GCVE-0-2021-21034)
Vulnerability from cvelistv5 – Published: 2021-02-11 19:42 – Updated: 2024-09-16 23:51
VLAI
Title
Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
4.3 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/acrobat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
unspecified , ≤ 2020.013.20074
(custom)
Affected: unspecified , ≤ 2020.001.30018 (custom) Affected: unspecified , ≤ 2017.011.30188 (custom) Affected: unspecified , ≤ None (custom) |
Date Public
2021-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:12.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2020.013.20074",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2020.001.30018",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2017.011.30188",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T19:42:21.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
"ID": "CVE-2021-21034",
"STATE": "PUBLIC",
"TITLE": "Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020.013.20074"
},
{
"version_affected": "\u003c=",
"version_value": "2020.001.30018"
},
{
"version_affected": "\u003c=",
"version_value": "2017.011.30188"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21034",
"datePublished": "2021-02-11T19:42:21.745Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:51:33.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21042 (GCVE-0-2021-21042)
Vulnerability from cvelistv5 – Published: 2021-02-11 19:42 – Updated: 2024-09-16 18:44
VLAI
Title
Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability
Summary
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
6.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/acrobat… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Acrobat Reader |
Affected:
unspecified , ≤ 2020.013.20074
(custom)
Affected: unspecified , ≤ 2020.001.30018 (custom) Affected: unspecified , ≤ 2017.011.30188 (custom) Affected: unspecified , ≤ None (custom) |
Date Public
2021-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Acrobat Reader",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "2020.013.20074",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2020.001.30018",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "2017.011.30188",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-28T12:41:41.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
"ID": "CVE-2021-21042",
"STATE": "PUBLIC",
"TITLE": "Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2020.013.20074"
},
{
"version_affected": "\u003c=",
"version_value": "2020.001.30018"
},
{
"version_affected": "\u003c=",
"version_value": "2017.011.30188"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to arbitrary disclosure of information in the memory stack. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Network",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb21-09.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21042",
"datePublished": "2021-02-11T19:42:20.114Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:44:13.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-21049 (GCVE-0-2021-21049)
Vulnerability from cvelistv5 – Published: 2021-02-11 20:09 – Updated: 2025-04-23 19:45
VLAI
Title
Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability
Summary
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read (CWE-125)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/photosh… | x_refsource_MISC |
Impacted products
Date Public
2021-02-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:01:13.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-21049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:20:09.473151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:45:42.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Photoshop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "22.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "21.2.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-02-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-11T20:09:47.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-02-09T23:00:00.000Z",
"ID": "CVE-2021-21049",
"STATE": "PUBLIC",
"TITLE": "Adobe Photoshop Out-Of-Bounds Read Vulnerability Could Lead To Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Photoshop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "22.1.1"
},
{
"version_affected": "\u003c=",
"version_value": "21.2.4"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read (CWE-125)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb21-10.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-21049",
"datePublished": "2021-02-11T20:09:47.043Z",
"dateReserved": "2020-12-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:45:42.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.