---

CVE-2021-3403 - log back

CVE-2021-3403 edited at 18 Mar 2021 18:44:06
References	https://bugzilla.redhat.com/show_bug.cgi?id=1926967 https://github.com/Yeraze/ytnef/issues/85 https://github.com/Yeraze/ytnef/pull/87 - https://github.com/Yeraze/ytnef/commit/216377b1dd6927cddcd0a12fe0525aa9aecc7538 + https://github.com/Yeraze/ytnef/commit/f2380a53fb84d370eaf6e6c3473062c54c57fac7

CVE-2021-3403 edited at 05 Mar 2021 23:06:10
References	https://bugzilla.redhat.com/show_bug.cgi?id=1926967 https://github.com/Yeraze/ytnef/issues/85 https://github.com/Yeraze/ytnef/pull/87 + https://github.com/Yeraze/ytnef/commit/216377b1dd6927cddcd0a12fe0525aa9aecc7538

CVE-2021-3403 edited at 09 Feb 2021 18:47:46
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1926967 + https://github.com/Yeraze/ytnef/issues/85 + https://github.com/Yeraze/ytnef/pull/87
Notes

CVE-2021-3403 created at 09 Feb 2021 18:46:30