← Back to CVEs
CVE-2021-21812
HIGH7.8
Description
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/13/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
att:xmill
Weaknesses (CWE)
CWE-787
References
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280(talos-cna@cisco.com)
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.