CVE-2021-20204

https://notcve.org/view.php?id=CVE-2021-20204

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. Se puede desencadenar un problema de corrupción de la memoria de la pila (usar de la memoria previamente liberada) en libgetdata versión v0.10.0, cuando se procesan bases de datos de archivos de directorio diseñadas maliciosamente. Esto degrada la confidencialidad, integridad y disponibilidad del software de terceros que usa libgetdata como biblioteca. • https://bugzilla.redhat.com/show_bug.cgi?id=1956348 https://lists.debian.org/debian-lts-announce/2021/05/msg00015.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/43JTGEMYMCTHD3LHFD7ENBNSWCNBCYEY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GB7T7DW7XRPJOUE25ZE7GF244FPCHBWY https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OE23HBLIVKVPOQ5MVADWPOCFMREVF4QZ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •