CVE-2021-33035

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10

References

https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.openoffice.apache.org%3E

http://www.openwall.com/lists/oss-security/2021/10/07/3

Details

Source: MITRE

Published: 2021-09-23

Updated: 2021-10-07

Type: CWE-120

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:* versions up to 4.1.10 (inclusive)

Tenable Plugins

View all (2 total)

IDNameProductFamilySeverity
154166Apache OpenOffice < 4.1.11 Multiple VulnerabilitiesNessusWindows
medium
153984FreeBSD : Apache OpenOffice -- multiple vulnerabilities. (04d2cf7f-2942-11ec-b48c-1c1b0d9ea7e6)NessusFreeBSD Local Security Checks
high