github - ghsa-p57v-vh5w-35p2

GHSA-P57V-VH5W-35P2

Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2022-05-24 19:15

Details

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-33035"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-23T08:15:00Z",
    "severity": "HIGH"
  },
  "details": "Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10",
  "id": "GHSA-p57v-vh5w-35p2",
  "modified": "2022-05-24T19:15:37Z",
  "published": "2022-05-24T19:15:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33035"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4929788ae21c8b9@%3Cusers.openoffice.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b8f31a6d0b424cb@%3Cannounce.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/07/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-33035 (GCVE-0-2021-33035)

Vulnerability from cvelistv5 – Published: 2021-09-23 08:10 – Updated: 2024-08-03 23:42

Summary

Severity ?

No CVSS data available.

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

apache

References

URL

Tags

	https://github.com/apache/openoffice/commit/efdda…	x_refsource_MISC
	https://lists.apache.org/thread.html/r929c0c6a53c…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r1ab8532e11f…	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2021/10/07/3	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	Apache Software Foundation	Apache OpenOffice	Affected: Apache OpenOffice , ≤ 4.1.10 (custom) Affected: OpenOffice.org , ≤ 3.4 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f"
          },
          {
            "name": "[announce] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b8f31a6d0b424cb%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[openoffice-users] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4929788ae21c8b9%40%3Cusers.openoffice.apache.org%3E"
          },
          {
            "name": "[oss-security] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/07/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache OpenOffice",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "4.1.10",
              "status": "affected",
              "version": "Apache OpenOffice",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.4",
              "status": "affected",
              "version": "OpenOffice.org",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "high"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-120",
              "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-07T17:06:07",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f"
        },
        {
          "name": "[announce] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b8f31a6d0b424cb%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[openoffice-users] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4929788ae21c8b9%40%3Cusers.openoffice.apache.org%3E"
        },
        {
          "name": "[oss-security] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/07/3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Buffer overflow from a crafted DBF file",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-33035",
          "STATE": "PUBLIC",
          "TITLE": "Buffer overflow from a crafted DBF file"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache OpenOffice",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "Apache OpenOffice",
                            "version_value": "4.1.10"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OpenOffice.org",
                            "version_value": "3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "high"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f",
              "refsource": "MISC",
              "url": "https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f"
            },
            {
              "name": "[announce] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b8f31a6d0b424cb@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[openoffice-users] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4929788ae21c8b9@%3Cusers.openoffice.apache.org%3E"
            },
            {
              "name": "[oss-security] 20211007 CVE-2021-33035: Apache OpenOffice: Buffer overflow from a crafted DBF file",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/07/3"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-33035",
    "datePublished": "2021-09-23T08:10:10",
    "dateReserved": "2021-05-15T00:00:00",
    "dateUpdated": "2024-08-03T23:42:19.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-P57V-VH5W-35P2

CVE-2021-33035 (GCVE-0-2021-33035)

Tags

Sightings

Nomenclature