ID CVE-2021-3403
Summary In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file.
References
Vulnerable Configurations
  • cpe:2.3:a:ytnef_project:ytnef:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:ytnef_project:ytnef:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 25-04-2022 - 20:17)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
Last major update 25-04-2022 - 20:17
Published 04-03-2021 - 22:15
Last modified 25-04-2022 - 20:17
Back to Top