Lucene search

[email protected]CVE-2021-35297

HistoryOct 01, 2021 - 1:15 p.m.

CVE-2021-35297

2021-10-0113:15:07

CWE-120

[email protected]

web.nvd.nist.gov

cve-2021-35297

scalabium dbase viewer

rce

dbf file

buffer overflow

seh records

remote code execution.

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Scalabium dBase Viewer version 2.6 (Build 5.751) is vulnerable to remote code execution via a crafted DBF file that triggers a buffer overflow. An attacker can use the Structured Exception Handler (SEH) records and redirect execution to attacker-controlled code.

Affected configurations

NVD

Node

scalabiumdbase_viewerMatch2.6

CPENameOperatorVersion
scalabium:dbase_viewerscalabium dbase viewereq2.6

CPE	Name	Operator	Version
scalabium:dbase_viewer	scalabium dbase viewer	eq	2.6

References

govtech-csg.github.io/security-advisories/2021/09/18/CVE-2021-35297.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2021-35297

prion1 cvelist1 nvd1