CVE-2021-3504 - log

CVE-2021-3504 edited at 25 May 2021 17:57:18
Description
- A security was found in the hivex library before version 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash.
+ A security issue was found in the hivex library before version 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash.
CVE-2021-3504 edited at 03 May 2021 20:17:02
Severity
- Unknown
+ Low
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
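Review bot: the Type value "Denial of service" set here covers only the crash outcome, while the description added in this same edit also says a crafted hive file can make hivex "read memory beyond its normal bounds". Consider recording the out-of-bounds read alongside the crash, in the type or in the empty Notes field, so the classification matches the description.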
Description
+ A security was found in the hivex library before version 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1949687
+ https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
Notes
CVE-2021-3504 created at 03 May 2021 20:15:11