Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9821 vulnerabilities reference this CWE, most recent first.

CVE-2021-33480 (GCVE-0-2021-33480)

Vulnerability from cvelistv5 – Published: 2021-11-17 00:00 – Updated: 2024-08-03 23:50
VLAI
Summary
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a gocr Affected: gocr 0.53-20200802
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/jocr/bugs/40/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/jocr/bugs/41/"
          },
          {
            "name": "GLSA-202401-28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-28"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gocr",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "gocr 0.53-20200802"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T05:06:46.403Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
        },
        {
          "url": "https://sourceforge.net/p/jocr/bugs/40/"
        },
        {
          "url": "https://sourceforge.net/p/jocr/bugs/41/"
        },
        {
          "name": "GLSA-202401-28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-28"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-33480",
    "datePublished": "2021-11-17T00:00:00.000Z",
    "dateReserved": "2021-05-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:50:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32944 (GCVE-0-2021-32944)

Vulnerability from cvelistv5 – Published: 2021-06-17 12:50 – Updated: 2024-08-03 23:33
VLAI
Summary
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Drawings SDK Affected: All versions prior to 2022.4
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drawings SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 2022.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "USE AFTER FREE CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-08T14:06:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drawings SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to 2022.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE AFTER FREE CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32944",
    "datePublished": "2021-06-17T12:50:37.000Z",
    "dateReserved": "2021-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:55.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32781 (GCVE-0-2021-32781)

Vulnerability from cvelistv5 – Published: 2021-08-24 20:50 – Updated: 2024-08-03 23:33
VLAI
Title
Continued processing of requests after locally generated response
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.
CWE
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.19.0, < 1.19.1
Affected: >= 1.18.0, < 1.18.4
Affected: >= 1.17.0, < 1.17.4
Affected: >= 1.16.0, < 1.16.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.19.0, \u003c 1.19.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.18.0, \u003c 1.18.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.17.0, \u003c 1.17.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.16.0, \u003c 1.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-24T20:50:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
        }
      ],
      "source": {
        "advisory": "GHSA-5vhv-gp9v-42qv",
        "discovery": "UNKNOWN"
      },
      "title": "Continued processing of requests after locally generated response",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32781",
          "STATE": "PUBLIC",
          "TITLE": "Continued processing of requests after locally generated response"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "envoy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.19.0, \u003c 1.19.1"
                          },
                          {
                            "version_value": "\u003e= 1.18.0, \u003c 1.18.4"
                          },
                          {
                            "version_value": "\u003e= 1.17.0, \u003c 1.17.4"
                          },
                          {
                            "version_value": "\u003e= 1.16.0, \u003c 1.16.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "envoyproxy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
              "refsource": "MISC",
              "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv",
              "refsource": "CONFIRM",
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-5vhv-gp9v-42qv",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32781",
    "datePublished": "2021-08-24T20:50:10.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:55.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32613 (GCVE-0-2021-32613)

Vulnerability from cvelistv5 – Published: 2021-05-14 12:11 – Updated: 2024-08-03 23:25
VLAI
Summary
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a radare2 Affected: radare2 versions before and including 5.3.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18679"
          },
          {
            "name": "FEDORA-2021-ca59eb65a9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
          },
          {
            "name": "FEDORA-2021-834f900f53",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18667"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "radare2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "radare2 versions before and including 5.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T19:00:07.000Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18679"
        },
        {
          "name": "FEDORA-2021-ca59eb65a9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
        },
        {
          "name": "FEDORA-2021-834f900f53",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18667"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2021-32613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "radare2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "radare2 versions before and including 5.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18679",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18679"
            },
            {
              "name": "FEDORA-2021-ca59eb65a9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
            },
            {
              "name": "FEDORA-2021-834f900f53",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18667",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18667"
            },
            {
              "name": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18666",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18666"
            },
            {
              "name": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-32613",
    "datePublished": "2021-05-14T12:11:40.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:25:30.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32589 (GCVE-0-2021-32589)

Vulnerability from cvelistv5 – Published: 2024-12-19 12:22 – Updated: 2024-12-20 21:55
VLAI
Summary
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-416 - Execute unauthorized code or commands
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiManager Affected: 7.0.0
Affected: 6.4.0 , ≤ 6.4.5 (semver)
Affected: 6.2.0 , ≤ 6.2.7 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 5.6.0 , ≤ 5.6.10 (semver)
Affected: 5.4.0 , ≤ 5.4.7 (semver)
Affected: 5.2.0 , ≤ 5.2.10 (semver)
Affected: 5.0.0 , ≤ 5.0.12 (semver)
    cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:*
Create a notification for this product.
Fortinet FortiAnalyzer Affected: 7.0.0
Affected: 6.4.0 , ≤ 6.4.5 (semver)
Affected: 6.2.0 , ≤ 6.2.7 (semver)
Affected: 6.0.0 , ≤ 6.0.10 (semver)
Affected: 5.6.0 , ≤ 5.6.10 (semver)
Affected: 5.4.0 , ≤ 5.4.7 (semver)
Affected: 5.3.11
Affected: 5.2.4 , ≤ 5.2.10 (semver)
    cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.4:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.3.11:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.10:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.9:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.8:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.7:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.6:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.5:*:*:*:*:*:*:*
    cpe:2.3:o:fortinet:fortianalyzer:5.2.4:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T21:54:22.696432Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T21:55:26.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortimanager:5.0.0:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiManager",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.10",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.7",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.2.10",
              "status": "affected",
              "version": "5.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.12",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.2.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:6.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.3:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.3.11:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.10:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.9:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.8:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:o:fortinet:fortianalyzer:5.2.4:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiAnalyzer",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "lessThanOrEqual": "6.4.5",
              "status": "affected",
              "version": "6.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.2.7",
              "status": "affected",
              "version": "6.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.0.10",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.6.10",
              "status": "affected",
              "version": "5.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.7",
              "status": "affected",
              "version": "5.4.0",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "5.3.11"
            },
            {
              "lessThanOrEqual": "5.2.10",
              "status": "affected",
              "version": "5.2.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:W/RC:C",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Execute unauthorized code or commands",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T16:13:18.521Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067",
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-21-067"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiPortal version 6.0.6 or above \nPlease upgrade to FortiPortal version 5.3.7 or above \nPlease upgrade to FortiManager version 7.0.1 or above \nPlease upgrade to FortiManager version 6.4.6 or above \nPlease upgrade to FortiManager version 6.2.8 or above \nPlease upgrade to FortiManager version 6.0.11 or above \nPlease upgrade to FortiManager version 5.6.11 or above \nPlease upgrade to FortiAnalyzer version 7.0.1 or above \nPlease upgrade to FortiAnalyzer version 6.4.6 or above \nPlease upgrade to FortiAnalyzer version 6.2.8 or above \nPlease upgrade to FortiAnalyzer version 6.0.11 or above \nPlease upgrade to FortiAnalyzer version 5.6.11 or above"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-32589",
    "datePublished": "2024-12-19T12:22:32.543Z",
    "dateReserved": "2021-05-11T21:19:05.181Z",
    "dateUpdated": "2024-12-20T21:55:26.925Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32495 (GCVE-0-2021-32495)

Vulnerability from cvelistv5 – Published: 2023-07-07 18:27 – Updated: 2024-11-12 19:46
VLAI
Summary
Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
radare2 radare2 Affected: radare2 5.3.0-git 26142
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:17:29.560Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18666"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-32495",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:46:13.252237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:46:27.537Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "radare2",
          "vendor": "radare2",
          "versions": [
            {
              "status": "affected",
              "version": "radare2 5.3.0-git 26142"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eRadare2 has a use-after-free vulnerability in pyc parser\u0027s get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.\u003c/pre\u003e"
            }
          ],
          "value": "Radare2 has a use-after-free vulnerability in pyc parser\u0027s get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-07T18:27:29.097Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://github.com/radareorg/radare2/issues/18666"
        },
        {
          "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-32495",
    "datePublished": "2023-07-07T18:27:29.097Z",
    "dateReserved": "2021-05-10T18:31:31.214Z",
    "dateUpdated": "2024-11-12T19:46:27.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31516 (GCVE-0-2021-31516)

Vulnerability from cvelistv5 – Published: 2021-06-29 14:33 – Updated: 2024-08-03 23:03
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670.
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
Vector 35 Binary Ninja Affected: 2.3.2660 (Build ID 88f343c3)
Create a notification for this product.
Credits
Mat Powell of Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Binary Ninja",
          "vendor": "Vector 35",
          "versions": [
            {
              "status": "affected",
              "version": "2.3.2660 (Build ID 88f343c3)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mat Powell of Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-29T14:33:58.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-31516",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Binary Ninja",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.3.2660 (Build ID 88f343c3)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Vector 35"
              }
            ]
          }
        },
        "credit": "Mat Powell of Trend Micro Zero Day Initiative",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vector 35 Binary Ninja 2.3.2660 (Build ID 88f343c3). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BNDB files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13670."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories",
              "refsource": "MISC",
              "url": "https://binary.ninja/2021/06/03/2.4-release.html#security-advisories"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-677/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-31516",
    "datePublished": "2021-06-29T14:33:58.000Z",
    "dateReserved": "2021-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31502 (GCVE-0-2021-31502)

Vulnerability from cvelistv5 – Published: 2021-06-15 19:11 – Updated: 2024-08-03 23:03
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673.
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
OpenText Brava! Desktop Affected: Build 16.6.4.55
Create a notification for this product.
Credits
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.371Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Brava! Desktop",
          "vendor": "OpenText",
          "versions": [
            {
              "status": "affected",
              "version": "Build 16.6.4.55"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T19:11:47.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-31502",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Brava! Desktop",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Build 16.6.4.55"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenText"
              }
            ]
          }
        },
        "credit": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-642/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-31502",
    "datePublished": "2021-06-15T19:11:47.000Z",
    "dateReserved": "2021-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31497 (GCVE-0-2021-31497)

Vulnerability from cvelistv5 – Published: 2021-06-15 19:11 – Updated: 2024-08-03 23:03
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
OpenText Brava! Desktop Affected: 16.6.3.84
Create a notification for this product.
Credits
Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Brava! Desktop",
          "vendor": "OpenText",
          "versions": [
            {
              "status": "affected",
              "version": "16.6.3.84"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-15T19:11:39.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-31497",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Brava! Desktop",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.6.3.84"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenText"
              }
            ]
          }
        },
        "credit": "Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-637/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-31497",
    "datePublished": "2021-06-15T19:11:39.000Z",
    "dateReserved": "2021-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-31470 (GCVE-0-2021-31470)

Vulnerability from cvelistv5 – Published: 2021-05-07 20:16 – Updated: 2024-08-03 23:03
VLAI
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947.
CWE
Assigner
zdi
References
Impacted products
Vendor Product Version
Foxit Reader Affected: 10.1.1.37576
Create a notification for this product.
Credits
Mat Powell of Trend Micro Zero Day Initiative
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:03:33.520Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Reader",
          "vendor": "Foxit",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.1.37576"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Mat Powell of Trend Micro Zero Day Initiative"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-05-07T20:16:42.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2021-31470",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Reader",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.1.1.37576"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Foxit"
              }
            ]
          }
        },
        "credit": "Mat Powell of Trend Micro Zero Day Initiative",
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12947."
            }
          ]
        },
        "impact": {
          "cvss": {
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
              "refsource": "MISC",
              "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-527/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-527/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2021-31470",
    "datePublished": "2021-05-07T20:16:42.000Z",
    "dateReserved": "2021-04-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:03:33.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.