CVE-2021-40647
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.
En man2html versión 1.6g, una cadena específica que es leída desde un archivo sobrescribirá el parámetro de tamaño en el chunk superior del montón. Esto al menos causa que el programa aborte la segmentación si el parámetro de tamaño de la pila no está alineado correctamente. En versiones anteriores a 2.29 de GLIBC y alineado correctamente, permite una escritura arbitraria en cualquier parte de la memoria del programa
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-09-07 CVE Reserved
- 2022-09-09 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-07-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Man2html Project Search vendor "Man2html Project" | Man2html Search vendor "Man2html Project" for product "Man2html" | 1.6g Search vendor "Man2html Project" for product "Man2html" and version "1.6g" | - |
Affected
|