6.9

CVE-2021-3696

EPSS 0.11%
Veröffentlicht 06.07.2022 16:15:08
Zuletzt bearbeitet 21.11.2024 06:22:10
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gnu ≫ Grub2 Version >= 2.00 < 2.12

Redhat ≫ Developer Tools Version1.0

Redhat ≫ Openshift Version3.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version8.1

Redhat ≫ Enterprise Linux Version8.4

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Eus Version8.2

Redhat ≫ Enterprise Linux Eus Version8.4

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0

Redhat ≫ Enterprise Linux For Power Little Endian Version9.0

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.1

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.2

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.4

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version8.6

Redhat ≫ Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions Version9.0

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Openshift Container Platform Version4.6

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Openshift Container Platform Version4.9

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Openshift Container Platform Version4.10

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Codeready Linux Builder Version-

   Redhat ≫ Enterprise Linux Version8.0
   Redhat ≫ Enterprise Linux Version9.0
   Redhat ≫ Enterprise Linux Eus Version8.2
   Redhat ≫ Enterprise Linux Eus Version8.4
   Redhat ≫ Enterprise Linux Eus Version8.6
   Redhat ≫ Enterprise Linux Eus Version9.0

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.306

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.5	1	3.4	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://security.gentoo.org/glsa/202209-12

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220930-0001/

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1991686

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-3696

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3696

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3696

EUVD