Common Weakness Enumeration

CWE-122

Allowed

Heap-based Buffer Overflow

Abstraction: Variant · Status: Draft

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

4106 vulnerabilities reference this CWE, most recent first.

CVE-2021-27253 (GCVE-0-2021-27253)

Vulnerability from cvelistv5 – Published: 2021-04-14 15:45 – Updated: 2024-08-03 20:48
VLAI
Summary
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
zdi
References
Impacted products
Vendor Product Version
NETGEAR R7800 Affected: firmware version 1.0.2.76
Create a notification for this product.
Credits
Ho\xc3\xa0ng Th\xe1\xba\xa1ch Nguy\xe1\xbb\x85n, Lucas Tay
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:16.037Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-249/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "R7800",
          "vendor": "NETGEAR",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.0.2.76"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-14T15:45:57.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-249/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-27253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "R7800",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version 1.0.2.76"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "NETGEAR"
              }
            ]
          }
        },
        "credit": "Ho\\xc3\\xa0ng Th\\xe1\\xba\\xa1ch Nguy\\xe1\\xbb\\x85n, Lucas Tay",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Nighthawk R7800. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the rc_service parameter provided to apply_bind.cgi. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-12303."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders",
              "refsource": "MISC",
              "url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-249/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-249/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-27253",
    "datePublished": "2021-04-14T15:45:58.000Z",
    "dateReserved": "2021-02-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:48:16.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26691 (GCVE-0-2021-26691)

Vulnerability from cvelistv5 – Published: 2021-06-10 07:10 – Updated: 2024-08-03 20:33
VLAI
Title
Apache HTTP Server mod_session response handling heap overflow
Summary
In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow
Severity
No CVSS data available.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Apache Software Foundation Apache HTTP Server Affected: 2.4.46
Affected: 2.4.43
Affected: 2.4.41
Affected: 2.4.39
Affected: 2.4.38
Affected: 2.4.37
Affected: 2.4.35
Affected: 2.4.34
Affected: 2.4.33
Affected: 2.4.29
Affected: 2.4.28
Affected: 2.4.27
Affected: 2.4.26
Affected: 2.4.25
Affected: 2.4.23
Affected: 2.4.20
Affected: 2.4.18
Affected: 2.4.17
Affected: 2.4.16
Affected: 2.4.12
Affected: 2.4.10
Affected: 2.4.9
Affected: 2.4.7
Affected: 2.4.6
Affected: 2.4.4
Affected: 2.4.3
Affected: 2.4.2
Affected: 2.4.1
Affected: 2.4.0
Create a notification for this product.
Credits
Discovered internally Christophe Jaillet
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:33:40.152Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/06/10/7"
          },
          {
            "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
          },
          {
            "name": "DSA-4937",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4937"
          },
          {
            "name": "GLSA-202107-38",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-38"
          },
          {
            "name": "FEDORA-2021-dce7e7738e",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
          },
          {
            "name": "FEDORA-2021-e3f6dd670d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.4.46"
            },
            {
              "status": "affected",
              "version": "2.4.43"
            },
            {
              "status": "affected",
              "version": "2.4.41"
            },
            {
              "status": "affected",
              "version": "2.4.39"
            },
            {
              "status": "affected",
              "version": "2.4.38"
            },
            {
              "status": "affected",
              "version": "2.4.37"
            },
            {
              "status": "affected",
              "version": "2.4.35"
            },
            {
              "status": "affected",
              "version": "2.4.34"
            },
            {
              "status": "affected",
              "version": "2.4.33"
            },
            {
              "status": "affected",
              "version": "2.4.29"
            },
            {
              "status": "affected",
              "version": "2.4.28"
            },
            {
              "status": "affected",
              "version": "2.4.27"
            },
            {
              "status": "affected",
              "version": "2.4.26"
            },
            {
              "status": "affected",
              "version": "2.4.25"
            },
            {
              "status": "affected",
              "version": "2.4.23"
            },
            {
              "status": "affected",
              "version": "2.4.20"
            },
            {
              "status": "affected",
              "version": "2.4.18"
            },
            {
              "status": "affected",
              "version": "2.4.17"
            },
            {
              "status": "affected",
              "version": "2.4.16"
            },
            {
              "status": "affected",
              "version": "2.4.12"
            },
            {
              "status": "affected",
              "version": "2.4.10"
            },
            {
              "status": "affected",
              "version": "2.4.9"
            },
            {
              "status": "affected",
              "version": "2.4.7"
            },
            {
              "status": "affected",
              "version": "2.4.6"
            },
            {
              "status": "affected",
              "version": "2.4.4"
            },
            {
              "status": "affected",
              "version": "2.4.3"
            },
            {
              "status": "affected",
              "version": "2.4.2"
            },
            {
              "status": "affected",
              "version": "2.4.1"
            },
            {
              "status": "affected",
              "version": "2.4.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Discovered internally Christophe Jaillet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow"
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:41:53.000Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe%40%3Cannounce.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3Cdev.httpd.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/06/10/7"
        },
        {
          "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
        },
        {
          "name": "DSA-4937",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4937"
        },
        {
          "name": "GLSA-202107-38",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202107-38"
        },
        {
          "name": "FEDORA-2021-dce7e7738e",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
        },
        {
          "name": "FEDORA-2021-e3f6dd670d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache HTTP Server mod_session response handling heap overflow",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-26691",
          "STATE": "PUBLIC",
          "TITLE": "Apache HTTP Server mod_session response handling heap overflow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache HTTP Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.46"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.43"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.41"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.39"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.38"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.37"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.35"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.34"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.33"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.29"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.28"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.27"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.26"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.25"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.23"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.20"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.18"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.17"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.16"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.12"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.10"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.9"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.7"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.6"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.4"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.3"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.2"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.1"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "2.4",
                            "version_value": "2.4.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Discovered internally Christophe Jaillet"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache HTTP Server versions 2.4.0 to 2.4.46 a specially crafted SessionHeader sent by an origin server could cause a heap overflow"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "low"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122 Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://httpd.apache.org/security/vulnerabilities_24.html",
              "refsource": "MISC",
              "url": "http://httpd.apache.org/security/vulnerabilities_24.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3Ccvs.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-announce] 20210609 CVE-2021-26691: mod_session response handling heap overflow",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r50cae1b71f1e7421069036b213c26da7d8f47dd59874e3bd956959fe@%3Cannounce.httpd.apache.org%3E"
            },
            {
              "name": "[httpd-dev] 20210610 Re: svn commit: r1890598 - in /httpd/site/trunk/content/security/json: CVE-2019-17567.json CVE-2020-13938.json CVE-2020-13950.json CVE-2020-35452.json CVE-2021-26690.json CVE-2021-26691.json CVE-2021-30641.json CVE-2021-31618.json",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd@%3Cdev.httpd.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210609 CVE-2021-26691: Apache httpd: mod_session response handling heap overflow",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/06/10/7"
            },
            {
              "name": "[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html"
            },
            {
              "name": "DSA-4937",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4937"
            },
            {
              "name": "GLSA-202107-38",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202107-38"
            },
            {
              "name": "FEDORA-2021-dce7e7738e",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"
            },
            {
              "name": "FEDORA-2021-e3f6dd670d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210702-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210702-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-26691",
    "datePublished": "2021-06-10T07:10:23.000Z",
    "dateReserved": "2021-02-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:33:40.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26603 (GCVE-0-2021-26603)

Vulnerability from cvelistv5 – Published: 2021-09-09 11:16 – Updated: 2024-08-03 20:26
VLAI
Title
bandisoft ARK library heap overflow vulnerability
Summary
A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
bandisoft ARK Affected: 7.13.0.3 , ≤ 7.13.0.3 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:25.472Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Windows"
          ],
          "product": "ARK",
          "vendor": "bandisoft",
          "versions": [
            {
              "lessThanOrEqual": "7.13.0.3",
              "status": "affected",
              "version": "7.13.0.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-09T11:16:32.000Z",
        "orgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
        "shortName": "krcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "bandisoft ARK library heap overflow vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vuln@krcert.or.kr",
          "ID": "CVE-2021-26603",
          "STATE": "PUBLIC",
          "TITLE": "bandisoft ARK library heap overflow vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ARK",
                      "version": {
                        "version_data": [
                          {
                            "platform": "Windows",
                            "version_affected": "\u003c=",
                            "version_name": "7.13.0.3",
                            "version_value": "7.13.0.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "bandisoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A heap overflow issue was found in ARK library of bandisoft Co., Ltd when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length check."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122 Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237",
              "refsource": "MISC",
              "url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36237"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cdd7a122-0fae-4202-8d86-14efbacc2863",
    "assignerShortName": "krcert",
    "cveId": "CVE-2021-26603",
    "datePublished": "2021-09-09T11:16:32.000Z",
    "dateReserved": "2021-02-03T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:26:25.472Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-26330 (GCVE-0-2021-26330)

Vulnerability from cvelistv5 – Published: 2021-11-16 18:19 – Updated: 2024-09-16 18:12
VLAI
Summary
AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources.
Severity
No CVSS data available.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
AMD
References
Impacted products
Vendor Product Version
AMD 1st Gen AMD EPYC™ Affected: unspecified , < NaplesPI-SP3_1.0.0.G (custom)
Create a notification for this product.
AMD 2nd Gen AMD EPYC™ Affected: unspecified , < RomePI-SP3_1.0.0.C (custom)
Create a notification for this product.
AMD 3rd Gen AMD EPYC™ Affected: unspecified , < MilanPI-SP3_1.0.0.4 (custom)
Create a notification for this product.
Date Public
2021-11-09 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:26:23.947Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "1st Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "NaplesPI-SP3_1.0.0.G",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "2nd Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "RomePI-SP3_1.0.0.C",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "3rd Gen AMD EPYC\u2122",
          "vendor": "AMD",
          "versions": [
            {
              "lessThan": "MilanPI-SP3_1.0.0.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-16T18:19:29.000Z",
        "orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
        "shortName": "AMD"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
        }
      ],
      "source": {
        "advisory": "AMD-SB-1021",
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@amd.com",
          "DATE_PUBLIC": "2021-11-09T20:00:00.000Z",
          "ID": "CVE-2021-26330",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "1st Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "NaplesPI-SP3_1.0.0.G"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "2nd Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "RomePI-SP3_1.0.0.C"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "3rd Gen AMD EPYC\u2122",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "MilanPI-SP3_1.0.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "AMD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122 Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021",
              "refsource": "MISC",
              "url": "https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1021"
            }
          ]
        },
        "source": {
          "advisory": "AMD-SB-1021",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
    "assignerShortName": "AMD",
    "cveId": "CVE-2021-26330",
    "datePublished": "2021-11-16T18:19:29.476Z",
    "dateReserved": "2021-01-29T00:00:00.000Z",
    "dateUpdated": "2024-09-16T18:12:54.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25668 (GCVE-0-2021-25668)

Vulnerability from cvelistv5 – Published: 2021-04-22 20:42 – Updated: 2024-08-03 20:11
VLAI
Summary
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT (All versions < 5.5.1), SCALANCE X201-3P IRT PRO (All versions < 5.5.1), SCALANCE X202-2 IRT (All versions < 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions < 5.5.1), SCALANCE X202-2P IRT PRO (All versions < 5.5.1), SCALANCE X204 IRT (All versions < 5.5.1), SCALANCE X204 IRT PRO (All versions < 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2FM (All versions < V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X204-2LD TS (All versions < V5.2.5), SCALANCE X204-2TS (All versions < V5.2.5), SCALANCE X206-1 (All versions < V5.2.5), SCALANCE X206-1LD (All versions < V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X208PRO (All versions < V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE X212-2LD (All versions < V5.2.5), SCALANCE X216 (All versions < V5.2.5), SCALANCE X224 (All versions < V5.2.5), SCALANCE XF201-3P IRT (All versions < 5.5.1), SCALANCE XF202-2P IRT (All versions < 5.5.1), SCALANCE XF204 (All versions < V5.2.5), SCALANCE XF204 IRT (All versions < 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions < V5.2.5), SCALANCE XF204-2BA IRT (All versions < 5.5.1), SCALANCE XF206-1 (All versions < V5.2.5), SCALANCE XF208 (All versions < V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code.
Severity
No CVSS data available.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Siemens SCALANCE X200-4P IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X201-3P IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X201-3P IRT PRO Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X202-2 IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X202-2P IRT (incl. SIPLUS NET variant) Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X202-2P IRT PRO Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X204 IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X204 IRT PRO Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE X204-2 (incl. SIPLUS NET variant) Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X204-2FM Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X204-2LD (incl. SIPLUS NET variant) Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X204-2LD TS Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X204-2TS Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X206-1 Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X206-1LD Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X208 (incl. SIPLUS NET variant) Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X208PRO Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X212-2 (incl. SIPLUS NET variant) Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X212-2LD Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X216 Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE X224 Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE XF201-3P IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE XF202-2P IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE XF204 Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE XF204 IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE XF204-2 (incl. SIPLUS NET variant) Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE XF204-2BA IRT Affected: All versions < 5.5.1
Create a notification for this product.
Siemens SCALANCE XF206-1 Affected: All versions < V5.2.5
Create a notification for this product.
Siemens SCALANCE XF208 Affected: All versions < V5.2.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:11:27.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SCALANCE X200-4P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X201-3P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X202-2 IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X202-2P IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X204 IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X204 IRT PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X204-2FM",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X204-2LD TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X204-2TS",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X206-1LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X208 (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X208PRO",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X212-2LD",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X216",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE X224",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE XF201-3P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE XF202-2P IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE XF204",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE XF204 IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE XF204-2BA IRT",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c 5.5.1"
            }
          ]
        },
        {
          "product": "SCALANCE XF206-1",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        },
        {
          "product": "SCALANCE XF208",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V5.2.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T10:47:23.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-25668",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SCALANCE X200-4P IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X201-3P IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X201-3P IRT PRO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X202-2 IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X202-2P IRT PRO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204 IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204 IRT PRO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204-2 (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204-2FM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204-2LD (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204-2LD TS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X204-2TS",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X206-1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X206-1LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X208 (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X208PRO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X212-2 (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X212-2LD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X216",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE X224",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF201-3P IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF202-2P IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF204",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF204 IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF204-2 (incl. SIPLUS NET variant)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF204-2BA IRT",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c 5.5.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF206-1",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SCALANCE XF208",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V5.2.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in SCALANCE X200-4P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT (All versions \u003c 5.5.1), SCALANCE X201-3P IRT PRO (All versions \u003c 5.5.1), SCALANCE X202-2 IRT (All versions \u003c 5.5.1), SCALANCE X202-2P IRT (incl. SIPLUS NET variant) (All versions \u003c 5.5.1), SCALANCE X202-2P IRT PRO (All versions \u003c 5.5.1), SCALANCE X204 IRT (All versions \u003c 5.5.1), SCALANCE X204 IRT PRO (All versions \u003c 5.5.1), SCALANCE X204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2FM (All versions \u003c V5.2.5), SCALANCE X204-2LD (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X204-2LD TS (All versions \u003c V5.2.5), SCALANCE X204-2TS (All versions \u003c V5.2.5), SCALANCE X206-1 (All versions \u003c V5.2.5), SCALANCE X206-1LD (All versions \u003c V5.2.5), SCALANCE X208 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X208PRO (All versions \u003c V5.2.5), SCALANCE X212-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE X212-2LD (All versions \u003c V5.2.5), SCALANCE X216 (All versions \u003c V5.2.5), SCALANCE X224 (All versions \u003c V5.2.5), SCALANCE XF201-3P IRT (All versions \u003c 5.5.1), SCALANCE XF202-2P IRT (All versions \u003c 5.5.1), SCALANCE XF204 (All versions \u003c V5.2.5), SCALANCE XF204 IRT (All versions \u003c 5.5.1), SCALANCE XF204-2 (incl. SIPLUS NET variant) (All versions \u003c V5.2.5), SCALANCE XF204-2BA IRT (All versions \u003c 5.5.1), SCALANCE XF206-1 (All versions \u003c V5.2.5), SCALANCE XF208 (All versions \u003c V5.2.5). Incorrect processing of POST requests in the webserver may result in write out of bounds in heap. An attacker might leverage this to cause denial-of-service on the device and potentially remotely execute code."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-25668",
    "datePublished": "2021-04-22T20:42:20.000Z",
    "dateReserved": "2021-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:11:27.504Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25495 (GCVE-0-2021-25495)

Vulnerability from cvelistv5 – Published: 2021-10-06 17:11 – Updated: 2024-08-03 20:03
VLAI
Summary
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Notes Affected: - , < 4.3.02.61 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.855Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Notes",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "4.3.02.61",
              "status": "affected",
              "version": "-",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T17:11:19.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25495",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Notes",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "-",
                            "version_value": "4.3.02.61"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=10",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2021\u0026month=10"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25495",
    "datePublished": "2021-10-06T17:11:19.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25479 (GCVE-0-2021-25479)

Vulnerability from cvelistv5 – Published: 2021-10-06 17:09 – Updated: 2024-08-03 20:03
VLAI
Summary
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Affected: O(8.1), P(9.0), Q(10.0), R(11.0) , < SMR Oct-2021 Release 1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Oct-2021 Release 1",
              "status": "affected",
              "version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T17:09:19.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25479",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
                            "version_value": "SMR Oct-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25479",
    "datePublished": "2021-10-06T17:09:19.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25475 (GCVE-0-2021-25475)

Vulnerability from cvelistv5 – Published: 2021-10-06 17:08 – Updated: 2024-08-03 20:03
VLAI
Summary
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Affected: Q(10.0), R(11.0) , < SMR Oct-2021 Release 1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.759Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Oct-2021 Release 1",
              "status": "affected",
              "version": "Q(10.0), R(11.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-06T17:08:30.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25475",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Q(10.0), R(11.0)",
                            "version_value": "SMR Oct-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=10"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25475",
    "datePublished": "2021-10-06T17:08:30.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.759Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25449 (GCVE-0-2021-25449)

Vulnerability from cvelistv5 – Published: 2021-09-09 18:03 – Updated: 2024-08-03 20:03
VLAI
Summary
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Affected: O(8.1), P(9.0), Q(10.0), R(11.0) , < SMR Sep-2021 Release 1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR Sep-2021 Release 1",
              "status": "affected",
              "version": "O(8.1), P(9.0), Q(10.0), R(11.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-09T18:03:48.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=9"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "O(8.1), P(9.0), Q(10.0), R(11.0)",
                            "version_value": "SMR Sep-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122 Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=9",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=9"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25449",
    "datePublished": "2021-09-09T18:03:48.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-25387 (GCVE-0-2021-25387)

Vulnerability from cvelistv5 – Published: 2021-06-11 14:45 – Updated: 2024-08-03 20:03
VLAI
Summary
An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
Samsung Mobile Samsung Mobile Devices Affected: O(8.1), P(9.x), Q(10.0), R(11.0) , < SMR MAY-2021 Release 1 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:03:05.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Samsung Mobile Devices",
          "vendor": "Samsung Mobile",
          "versions": [
            {
              "lessThan": "SMR MAY-2021 Release 1",
              "status": "affected",
              "version": "O(8.1), P(9.x), Q(10.0), R(11.0)",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T14:45:21.000Z",
        "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "shortName": "Samsung Mobile"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "mobile.security@samsung.com",
          "ID": "CVE-2021-25387",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Samsung Mobile Devices",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "O(8.1), P(9.x), Q(10.0), R(11.0)",
                            "version_value": "SMR MAY-2021 Release 1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Samsung Mobile"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122 Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5",
              "refsource": "MISC",
              "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2021\u0026month=5"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
    "assignerShortName": "Samsung Mobile",
    "cveId": "CVE-2021-25387",
    "datePublished": "2021-06-11T14:45:21.000Z",
    "dateReserved": "2021-01-19T00:00:00.000Z",
    "dateUpdated": "2024-08-03T20:03:05.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation

Pre-design: Use a language or compiler that performs automatic bounds checking.

Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Strategy: Libraries or Frameworks

Do not use dangerous functions such as gets. Look for their safe equivalent, which checks for the boundary.

Mitigation
Operation

Use OS-level preventative functionality. This is not a complete solution, but it provides some defense in depth.

CAPEC-92: Forced Integer Overflow

This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.