5.5
CVE-2021-42917
- EPSS 1.87%
- Veröffentlicht 01.11.2021 19:15:07
- Zuletzt bearbeitet 21.11.2024 06:28:18
- CVE-Watchlists
- Unerledigt
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.87% | 0.766 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html
https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3
https://github.com/xbmc/xbmc/issues/20305
https://github.com/xbmc/xbmc/pull/20306