CVE-2021-20204 – openSUSE Security Advisory - openSUSE-SU-2021:1645-1

https://notcve.org/view.php?id=CVE-2021-20204

06 May 2021 — A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. Se puede desencadenar un problema de corrupción de la memoria de la pila (usar de la memoria previamente liberada) en libgetdata... • https://bugzilla.redhat.com/show_bug.cgi?id=1956348 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-416: Use After Free •