CVE-2021-3504

medium

Description

A flaw was found in the hivex library in versions before 1.3.20. It is caused by a missing bounds check within the hivex_open function. An attacker could supply a specially crafted Windows Registry (hive) file that causes hivex to read memory beyond its normal bounds or causes the program to crash. The highest threat from this vulnerability is to system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1949687

https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/

https://lists.fedoraproject.org/archives/list/[email protected]/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/

Details

Source: MITRE

Published: 2021-05-11

Updated: 2021-06-21

Type: CWE-125

Risk Information

CVSS v2

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

Impact Score: 2.5

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 153301 | EulerOS 2.0 SP2 : hivex (EulerOS-SA-2021-2380) | Nessus | Huawei Local Security Checks | medium |
| 153071 | EulerOS 2.0 SP5 : hivex (EulerOS-SA-2021-2332) | Nessus | Huawei Local Security Checks | medium |
| 152538 | Oracle Linux 8 : virt:ol / and / virt-devel:rhel (ELSA-2021-3061) | Nessus | Oracle Linux Local Security Checks | medium |
| 152461 | CentOS 8 : virt:rhel and virt-devel:rhel (CESA-2021:3061) | Nessus | CentOS Local Security Checks | medium |
| 152445 | RHEL 8 : virt:rhel and virt-devel:rhel (RHSA-2021:3061) | Nessus | Red Hat Local Security Checks | medium |
| 152300 | EulerOS 2.0 SP8 : hivex (EulerOS-SA-2021-2297) | Nessus | Huawei Local Security Checks | medium |
| 151709 | openSUSE 15 Security Update : hivex (openSUSE-SU-2021:1761-1) | Nessus | SuSE Local Security Checks | medium |
| 151320 | EulerOS Virtualization for ARM 64 3.0.2.0 : hivex (EulerOS-SA-2021-2087) | Nessus | Huawei Local Security Checks | medium |
| 150764 | CentOS 7 : hivex (CESA-2021:2318) | Nessus | CentOS Local Security Checks | medium |
| 150479 | Scientific Linux Security Update : hivex on SL7.x i686/x86_64 (2021:2318) | Nessus | Scientific Linux Local Security Checks | medium |
| 150449 | Oracle Linux 7 : hivex (ELSA-2021-2318) | Nessus | Oracle Linux Local Security Checks | medium |
| 150376 | RHEL 7 : hivex (RHSA-2021:2318) | Nessus | Red Hat Local Security Checks | medium |
| 150113 | openSUSE Security Update : hivex (openSUSE-2021-806) | Nessus | SuSE Local Security Checks | medium |
| 150024 | SUSE SLED15 / SLES15 Security Update : hivex (SUSE-SU-2021:1761-1) | Nessus | SuSE Local Security Checks | medium |
| 150017 | SUSE SLES12 Security Update : hivex (SUSE-SU-2021:1760-1) | Nessus | SuSE Local Security Checks | medium |
| 149423 | Debian DLA-2656-1 : hivex security update | Nessus | Debian Local Security Checks | medium |
| 149373 | Debian DSA-4913-1 : hivex - security update | Nessus | Debian Local Security Checks | medium |