CVE-2021-38172

Exploit

EPSS 1.17%
Veröffentlicht 05.02.2022 18:15:07
Zuletzt bearbeitet 21.11.2024 06:16:33
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Perm Version0.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.17%	0.767

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993019

Vendor Advisory

Exploit

https://lists.debian.org/debian-med/2021/08/msg00016.html

Vendor Advisory

Mailing List

https://packages.qa.debian.org/p/perm.html

Patch

Vendor Advisory

Issue Tracking

https://salsa.debian.org/med-team/perm/-/commits/master/

Patch

Vendor Advisory

https://tracker.debian.org/pkg/perm

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2021-38172

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-38172

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-38172

EUVD