CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 1CVE-2021-3622 – hivex: stack overflow due to recursive call of _get_children()
https://notcve.org/view.php?id=CVE-2021-3622
A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. Se ha encontrado un fallo en hivex library. Este fallo permite a un atacante introducir un archivo del Registro de Windows (hive) especialmente diseñado, lo que causaría que hivex llamara recursivamente a la función _get_children(), conllevando a un desbordamiento de pila. • https://bugzilla.redhat.com/show_bug.cgi?id=1975489 https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255 https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S35TVTAPHORSUIFYNFBHKLQRPVFUPXBE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU https://access.redhat.com/security/cve/CVE-2021-3622 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-3504 – hivex: Buffer overflow when provided invalid node key length
https://notcve.org/view.php?id=CVE-2021-3504
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. Se encontró un fallo en hivex library en versiones anteriores a 1.3.20. • https://bugzilla.redhat.com/show_bug.cgi?id=1949687 https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22 https://access.redhat.com/security/cve/CVE-2021-3504 • CWE-125: Out-of-bounds Read •
CVSS: 4.6EPSS: 0%CPEs: 10EXPL: 2CVE-2014-9273 – hivex: missing checks for small-sized files
https://notcve.org/view.php?id=CVE-2014-9273
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write. lib/handle.c en Hivex anterior a 1.3.11 permite a usuarios locales ejecutar código arbitrario y ganar privilegios a través de un fichero de hive pequeño, lo que provoca una lectura o escritura fuera de rango. It was found that hivex attempted to read, and possibly write, beyond its allocated buffer when reading a hive file with a very small size or with a truncated or improperly formatted content. An attacker able to supply a specially crafted hive file to an application using the hivex library could possibly use this flaw to execute arbitrary code with the privileges of the user running that application. • http://lists.opensuse.org/opensuse-updates/2015-02/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0301.html http://rhn.redhat.com/errata/RHSA-2015-1378.html http://secunia.com/advisories/62792 http://www.openwall.com/lists/oss-security/2014/11/25/6 http://www.openwall.com/lists/oss-security/2014/12/04/14 http://www.securityfocus.com/bid/71279 https://bugzilla.redhat.com/show_bug.cgi?id=1167756 https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •