CVE-2021-21814 Information

Description

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char passed in by the user no checks are done to see if the passed in char is longer than the staticly sized buffer data is memcpy‘d into but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char but without length checks this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8