CVE-2021-21813

Published: Aug 13, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.

Affected (1)

Products: Att: Xmill

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Att Xmill	Version 0.7

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Source: talos-cna@cisco.com

ExploitThird Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.