CVE-2021-3403 - log

CVE-2021-3403 edited at 18 Mar 2021 18:44:06
References
https://bugzilla.redhat.com/show_bug.cgi?id=1926967
https://github.com/Yeraze/ytnef/issues/85
https://github.com/Yeraze/ytnef/pull/87
- https://github.com/Yeraze/ytnef/commit/216377b1dd6927cddcd0a12fe0525aa9aecc7538
+ https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7
CVE-2021-3403 edited at 05 Mar 2021 23:06:10
References
https://bugzilla.redhat.com/show_bug.cgi?id=1926967
https://github.com/Yeraze/ytnef/issues/85
https://github.com/Yeraze/ytnef/pull/87
+ https://github.com/Yeraze/ytnef/commit/216377b1dd6927cddcd0a12fe0525aa9aecc7538
CVE-2021-3403 edited at 09 Feb 2021 18:47:46
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1926967
+ https://github.com/Yeraze/ytnef/issues/85
+ https://github.com/Yeraze/ytnef/pull/87
Notes
CVE-2021-3403 created at 09 Feb 2021 18:46:30