CWE-788
Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
CVE-2021-22548 (GCVE-0-2021-22548)
Vulnerability from cvelistv5 – Published: 2021-06-08 13:15 – Updated: 2024-09-17 01:11
VLAI
Title
Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall
Summary
An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c
Severity
6.5 (Medium)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/google/asylo/commit/53ed5d8fd8… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google LLC | Asylo |
Affected:
unspecified , ≤ 0.6.2
(custom)
|
Date Public
2021-03-29 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:44:13.780Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Asylo",
"vendor": "Google LLC",
"versions": [
{
"lessThanOrEqual": "0.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Qinkun Bao (Baidu Security)"
},
{
"lang": "en",
"value": "Zhaofeng Chen (Baidu Security)"
},
{
"lang": "en",
"value": "Mingshen Sun (Baidu Security)"
},
{
"lang": "en",
"value": "Kang Li (Baidu Security)"
}
],
"datePublic": "2021-03-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788 Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-08T13:15:13.000Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"DATE_PUBLIC": "2021-03-29T10:00:00.000Z",
"ID": "CVE-2021-22548",
"STATE": "PUBLIC",
"TITLE": "Arbitrary enclave memory overread vulnerability in Asylo TrustedPrimitives::UntrustedCall"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Asylo",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.6.2"
}
]
}
}
]
},
"vendor_name": "Google LLC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Qinkun Bao (Baidu Security)"
},
{
"lang": "eng",
"value": "Zhaofeng Chen (Baidu Security)"
},
{
"lang": "eng",
"value": "Mingshen Sun (Baidu Security)"
},
{
"lang": "eng",
"value": "Kang Li (Baidu Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker can change the pointer to untrusted memory to point to trusted memory region which causes copying trusted memory to trusted memory, if the latter is later copied out, it allows for reading of memory regions from the trusted region. It is recommended to update past 0.6.2 or git commit https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788 Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c",
"refsource": "MISC",
"url": "https://github.com/google/asylo/commit/53ed5d8fd8118ced1466e509606dd2f473707a5c"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2021-22548",
"datePublished": "2021-06-08T13:15:13.466Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:11:52.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25660 (GCVE-0-2021-25660)
Vulnerability from cvelistv5 – Published: 2021-05-12 13:18 – Updated: 2026-06-02 19:23
VLAI
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V15 |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V16 |
Affected:
All versions < V16 Update 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-25660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T19:23:33.922249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T19:23:44.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:11.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V16",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the server side when sending data from the client, which could result in a Denial-of-Service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788: Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25660",
"datePublished": "2021-05-12T13:18:22.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2026-06-02T19:23:44.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-25661 (GCVE-0-2021-25661)
Vulnerability from cvelistv5 – Published: 2021-05-12 13:18 – Updated: 2026-06-02 19:22
VLAI
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12 | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F |
Affected:
All versions < V16 Update 4
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V15 |
Affected:
All versions < V15.1 Update 6
|
|
| Siemens | SIMATIC WinCC Runtime Advanced V16 |
Affected:
All versions < V16 Update 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-25661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T19:22:48.003542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T19:22:51.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:12.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-25661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V16",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4). SmartVNC has an out-of-bounds memory access vulnerability that could be triggered on the client side when sending data from the server, which could result in a Denial-of-Service condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788: Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-12"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-25661",
"datePublished": "2021-05-12T13:18:22.000Z",
"dateReserved": "2021-01-21T00:00:00.000Z",
"dateUpdated": "2026-06-02T19:22:51.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27384 (GCVE-0-2021-27384)
Vulnerability from cvelistv5 – Published: 2021-05-12 13:18 – Updated: 2026-06-02 19:09
VLAI
Summary
A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\" & 15\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\" & 15\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI Comfort Panels V15 4\" - 22\" (incl. SIPLUS variants) (All versions < V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\" - 22\" (incl. SIPLUS variants) (All versions < V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions < V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions < V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_MISC |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11 | x_refsource_MISC |
Impacted products
16 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:16.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27384",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T19:09:38.723689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T19:09:41.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 6"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 4"
}
]
},
{
"product": "SINAMICS GH150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS GL150 (with option X30)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS GM150 (with option X30)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SH150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SL150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM120",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM150",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SINAMICS SM150i",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788: Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:16.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-27384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V15",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Update 6"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced V16",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V16 Update 4"
}
]
}
},
{
"product_name": "SINAMICS GH150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GL150 (with option X30)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS GM150 (with option X30)",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SH150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SL150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM120",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM150",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SINAMICS SM150i",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC HMI Comfort Outdoor Panels V15 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Outdoor Panels V16 7\\\" \u0026 15\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI Comfort Panels V15 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V15.1 Update 6), SIMATIC HMI Comfort Panels V16 4\\\" - 22\\\" (incl. SIPLUS variants) (All versions \u003c V16 Update 4), SIMATIC HMI KTP Mobile Panels V15 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Update 6), SIMATIC HMI KTP Mobile Panels V16 KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V16 Update 4), SIMATIC WinCC Runtime Advanced V15 (All versions \u003c V15.1 Update 6), SIMATIC WinCC Runtime Advanced V16 (All versions \u003c V16 Update 4), SINAMICS GH150 (All versions), SINAMICS GL150 (with option X30) (All versions), SINAMICS GM150 (with option X30) (All versions), SINAMICS SH150 (All versions), SINAMICS SL150 (All versions), SINAMICS SM120 (All versions), SINAMICS SM150 (All versions), SINAMICS SM150i (All versions). SmartVNC has an out-of-bounds memory access vulnerability in the device layout handler, represented by a binary data stream on client side, which can potentially result in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788: Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-27384",
"datePublished": "2021-05-12T13:18:22.000Z",
"dateReserved": "2021-02-18T00:00:00.000Z",
"dateUpdated": "2026-06-02T19:09:41.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-32629 (GCVE-0-2021-32629)
Vulnerability from cvelistv5 – Published: 2021-05-24 15:35 – Updated: 2024-08-03 23:25
VLAI
Title
Memory access due to code generation flaw in Cranelift module
Summary
Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new backend on 2020-09-08 and first included in a release on 2020-09-30, but the new backend was not the default prior to 0.73. The recently-released version 0.73 with default settings, and prior versions with an explicit build flag to select the new backend, are vulnerable. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, under a specific set of circumstances. If those circumstances occur, the bug could allow access to memory addresses upto 2GiB before the start of the Wasm program heap. If the heap bound is larger than 2GiB, then it would be possible to read memory from a computable range dependent on the size of the heaps bound. The impact of this bug is highly dependent on heap implementation, specifically: * if the heap has bounds checks, and * does not rely exclusively on guard pages, and * the heap bound is 2GiB or smaller * then this bug cannot be used to reach memory from another Wasm program heap. The impact of the vulnerability is mitigated if there is no memory mapped in the range accessible using this bug, for example, if there is a 2 GiB guard region before the Wasm program heap. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, we rely on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB. The issue would thus occur when: * An i32 value in a Wasm program is greater than or equal to 0x8000_0000; * The value is spilled and reloaded by the register allocator due to high register pressure in the program between the value’s definition and its use; * The value is produced by an instruction that we know to be “special” in that it zeroes the upper 32 bits of its destination: add, sub, mul, and, or; * The value is then zero-extended to 64 bits in the Wasm program; * The resulting 64-bit value is used. Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. The usual code emitted for heap accesses zero-extends the Wasm heap address, adds it to a 64-bit heap base, and accesses the resulting address. If the zero-extend becomes a sign-extend, the program could reach backward and access memory up to 2GiB before the start of its heap. In addition to assessing the nature of the code generation bug in Cranelift, we have also determined that under specific circumstances, both Lucet and Wasmtime using this version of Cranelift may be exploitable. See referenced GitHub Advisory for more details.
Severity
7.2 (High)
CWE
- CWE-788 - Access of Memory Location After End of Buffer
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/bytecodealliance/wasmtime/secu… | x_refsource_CONFIRM |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
| https://crates.io/crates/cranelift-codegen | x_refsource_MISC |
| https://www.fastly.com/security-advisories/memory… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bytecodealliance | wasmtime |
Affected:
<= 0.73.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/95559c01aaa7c061088a433040f31e8291fb09d0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crates.io/crates/cranelift-codegen"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fastly.com/security-advisories/memory-access-due-to-code-generation-flaw-in-cranelift-module"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wasmtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003c= 0.73.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new backend on 2020-09-08 and first included in a release on 2020-09-30, but the new backend was not the default prior to 0.73. The recently-released version 0.73 with default settings, and prior versions with an explicit build flag to select the new backend, are vulnerable. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, under a specific set of circumstances. If those circumstances occur, the bug could allow access to memory addresses upto 2GiB before the start of the Wasm program heap. If the heap bound is larger than 2GiB, then it would be possible to read memory from a computable range dependent on the size of the heaps bound. The impact of this bug is highly dependent on heap implementation, specifically: * if the heap has bounds checks, and * does not rely exclusively on guard pages, and * the heap bound is 2GiB or smaller * then this bug cannot be used to reach memory from another Wasm program heap. The impact of the vulnerability is mitigated if there is no memory mapped in the range accessible using this bug, for example, if there is a 2 GiB guard region before the Wasm program heap. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, we rely on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32\u2019s MSB. The issue would thus occur when: * An i32 value in a Wasm program is greater than or equal to 0x8000_0000; * The value is spilled and reloaded by the register allocator due to high register pressure in the program between the value\u2019s definition and its use; * The value is produced by an instruction that we know to be \u201cspecial\u201d in that it zeroes the upper 32 bits of its destination: add, sub, mul, and, or; * The value is then zero-extended to 64 bits in the Wasm program; * The resulting 64-bit value is used. Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. The usual code emitted for heap accesses zero-extends the Wasm heap address, adds it to a 64-bit heap base, and accesses the resulting address. If the zero-extend becomes a sign-extend, the program could reach backward and access memory up to 2GiB before the start of its heap. In addition to assessing the nature of the code generation bug in Cranelift, we have also determined that under specific circumstances, both Lucet and Wasmtime using this version of Cranelift may be exploitable. See referenced GitHub Advisory for more details."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788 Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-24T15:35:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/95559c01aaa7c061088a433040f31e8291fb09d0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crates.io/crates/cranelift-codegen"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fastly.com/security-advisories/memory-access-due-to-code-generation-flaw-in-cranelift-module"
}
],
"source": {
"advisory": "GHSA-hpqh-2wqx-7qp5",
"discovery": "UNKNOWN"
},
"title": "Memory access due to code generation flaw in Cranelift module",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-32629",
"STATE": "PUBLIC",
"TITLE": "Memory access due to code generation flaw in Cranelift module"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wasmtime",
"version": {
"version_data": [
{
"version_value": "\u003c= 0.73.0"
}
]
}
}
]
},
"vendor_name": "bytecodealliance"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cranelift is an open-source code generator maintained by Bytecode Alliance. It translates a target-independent intermediate representation into executable machine code. There is a bug in 0.73 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a Wasm program. This bug was introduced in the new backend on 2020-09-08 and first included in a release on 2020-09-30, but the new backend was not the default prior to 0.73. The recently-released version 0.73 with default settings, and prior versions with an explicit build flag to select the new backend, are vulnerable. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, under a specific set of circumstances. If those circumstances occur, the bug could allow access to memory addresses upto 2GiB before the start of the Wasm program heap. If the heap bound is larger than 2GiB, then it would be possible to read memory from a computable range dependent on the size of the heaps bound. The impact of this bug is highly dependent on heap implementation, specifically: * if the heap has bounds checks, and * does not rely exclusively on guard pages, and * the heap bound is 2GiB or smaller * then this bug cannot be used to reach memory from another Wasm program heap. The impact of the vulnerability is mitigated if there is no memory mapped in the range accessible using this bug, for example, if there is a 2 GiB guard region before the Wasm program heap. The bug in question performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, we rely on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32\u2019s MSB. The issue would thus occur when: * An i32 value in a Wasm program is greater than or equal to 0x8000_0000; * The value is spilled and reloaded by the register allocator due to high register pressure in the program between the value\u2019s definition and its use; * The value is produced by an instruction that we know to be \u201cspecial\u201d in that it zeroes the upper 32 bits of its destination: add, sub, mul, and, or; * The value is then zero-extended to 64 bits in the Wasm program; * The resulting 64-bit value is used. Under these circumstances there is a potential sandbox escape when the i32 value is a pointer. The usual code emitted for heap accesses zero-extends the Wasm heap address, adds it to a 64-bit heap base, and accesses the resulting address. If the zero-extend becomes a sign-extend, the program could reach backward and access memory up to 2GiB before the start of its heap. In addition to assessing the nature of the code generation bug in Cranelift, we have also determined that under specific circumstances, both Lucet and Wasmtime using this version of Cranelift may be exploitable. See referenced GitHub Advisory for more details."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788 Access of Memory Location After End of Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5",
"refsource": "CONFIRM",
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hpqh-2wqx-7qp5"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/95559c01aaa7c061088a433040f31e8291fb09d0",
"refsource": "MISC",
"url": "https://github.com/bytecodealliance/wasmtime/commit/95559c01aaa7c061088a433040f31e8291fb09d0"
},
{
"name": "https://crates.io/crates/cranelift-codegen",
"refsource": "MISC",
"url": "https://crates.io/crates/cranelift-codegen"
},
{
"name": "https://www.fastly.com/security-advisories/memory-access-due-to-code-generation-flaw-in-cranelift-module",
"refsource": "MISC",
"url": "https://www.fastly.com/security-advisories/memory-access-due-to-code-generation-flaw-in-cranelift-module"
}
]
},
"source": {
"advisory": "GHSA-hpqh-2wqx-7qp5",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-32629",
"datePublished": "2021-05-24T15:35:11.000Z",
"dateReserved": "2021-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-03T23:25:30.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3588 (GCVE-0-2021-3588)
Vulnerability from cvelistv5 – Published: 2021-06-10 02:30 – Updated: 2024-09-16 23:37
VLAI
Title
memory contents disclosure in cli_feat_read_cb
Summary
The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading.
Severity
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/bluez/bluez/issues/70 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202209-16 | vendor-advisoryx_refsource_GENTOO |
Impacted products
Date Public
2021-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:07.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bluez/bluez/issues/70"
},
{
"name": "GLSA-202209-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BlueZ",
"vendor": "BlueZ",
"versions": [
{
"lessThan": "5.56",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the \u0027offset\u0027 variable before using it as an index into an array for reading."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "CWE-788 Access of Memory Location After End of Buffer",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-29T16:07:27.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bluez/bluez/issues/70"
},
{
"name": "GLSA-202209-16",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202209-16"
}
],
"solutions": [
{
"lang": "en",
"value": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/src/gatt-database.c?id=6a50b6aeda78a88eafb177718109c256eec077a6"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548"
],
"discovery": "EXTERNAL"
},
"title": "memory contents disclosure in cli_feat_read_cb",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-06-09T00:00:00.000Z",
"ID": "CVE-2021-3588",
"STATE": "PUBLIC",
"TITLE": "memory contents disclosure in cli_feat_read_cb"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BlueZ",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "5.56"
}
]
}
}
]
},
"vendor_name": "BlueZ"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the \u0027offset\u0027 variable before using it as an index into an array for reading."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-788 Access of Memory Location After End of Buffer"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bluez/bluez/issues/70",
"refsource": "MISC",
"url": "https://github.com/bluez/bluez/issues/70"
},
{
"name": "GLSA-202209-16",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202209-16"
}
]
},
"solution": [
{
"lang": "en",
"value": "https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/src/gatt-database.c?id=6a50b6aeda78a88eafb177718109c256eec077a6"
}
],
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/bluez/+bug/1926548"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-3588",
"datePublished": "2021-06-10T02:30:11.654Z",
"dateReserved": "2021-06-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:37:02.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35996 (GCVE-0-2021-35996)
Vulnerability from cvelistv5 – Published: 2021-09-02 17:00 – Updated: 2025-04-23 19:29
VLAI
Title
Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution
Summary
Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer (CWE-788)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/after_e… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | After Effects |
Affected:
unspecified , ≤ 18.2.1
(custom)
Affected: unspecified , ≤ None (custom) |
Date Public
2021-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-54.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:16:52.487276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:29:00.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "After Effects",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "18.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-02T17:00:47.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-54.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-07-20T23:00:00.000Z",
"ID": "CVE-2021-35996",
"STATE": "PUBLIC",
"TITLE": "Adobe After Effects Memory Corruption Could Lead To Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "After Effects",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "18.2.1"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe After Effects version 18.2.1 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/after_effects/apsb21-54.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-54.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-35996",
"datePublished": "2021-09-02T17:00:47.328Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:29:00.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35997 (GCVE-0-2021-35997)
Vulnerability from cvelistv5 – Published: 2021-08-20 18:10 – Updated: 2025-04-23 19:38
VLAI
Title
Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability
Summary
Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer (CWE-788)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/premier… | x_refsource_MISC |
Impacted products
Date Public
2021-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:42.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:18:35.742276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:38:50.718Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Premiere",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T18:10:13.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-07-20T23:00:00.000Z",
"ID": "CVE-2021-35997",
"STATE": "PUBLIC",
"TITLE": "Adobe Premiere Pro Memory Corruption Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Premiere",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "15.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Premiere Pro version 15.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/premiere_pro/apsb21-56.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-35997",
"datePublished": "2021-08-20T18:10:13.834Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:38:50.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35999 (GCVE-0-2021-35999)
Vulnerability from cvelistv5 – Published: 2021-08-20 18:10 – Updated: 2025-04-23 19:38
VLAI
Title
Adobe Prelude Memory Corruption Remote Code Execution Vulnerability
Summary
Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer (CWE-788)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/prelude… | x_refsource_MISC |
Impacted products
Date Public
2021-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-58.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-35999",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:18:27.154629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:38:13.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Prelude",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T18:10:17.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-58.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Prelude Memory Corruption Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-07-20T23:00:00.000Z",
"ID": "CVE-2021-35999",
"STATE": "PUBLIC",
"TITLE": "Adobe Prelude Memory Corruption Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Prelude",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.0"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Prelude version 10.0 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/prelude/apsb21-58.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/prelude/apsb21-58.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-35999",
"datePublished": "2021-08-20T18:10:17.526Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:38:13.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-36000 (GCVE-0-2021-36000)
Vulnerability from cvelistv5 – Published: 2021-08-20 18:10 – Updated: 2025-04-23 19:38
VLAI
Title
Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability
Summary
Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-788 - Access of Memory Location After End of Buffer (CWE-788)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/in/security/products/char… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | Character Animator (Preview 4) |
Affected:
unspecified , ≤ 4.2
(custom)
Affected: unspecified , ≤ None (custom) |
Date Public
2021-07-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:47:43.327Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/in/security/products/character_animator/apsb21-59.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-36000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:18:29.942292Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T19:38:28.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Character Animator (Preview 4)",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "None",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-788",
"description": "Access of Memory Location After End of Buffer (CWE-788)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-20T18:10:16.000Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/in/security/products/character_animator/apsb21-59.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2021-07-20T23:00:00.000Z",
"ID": "CVE-2021-36000",
"STATE": "PUBLIC",
"TITLE": "Adobe Character Animator Memory Corruption Arbitrary Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Character Animator (Preview 4)",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.2"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
},
{
"version_affected": "\u003c=",
"version_value": "None"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Character Animator version 4.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "Low",
"attackVector": "Local",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"userInteraction": "Required",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Access of Memory Location After End of Buffer (CWE-788)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/in/security/products/character_animator/apsb21-59.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/in/security/products/character_animator/apsb21-59.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2021-36000",
"datePublished": "2021-08-20T18:10:16.631Z",
"dateReserved": "2021-06-30T00:00:00.000Z",
"dateUpdated": "2025-04-23T19:38:28.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.