Lucene search

K

TalosCVELIST:CVE-2021-21772

HistoryMar 10, 2021 - 12:00 a.m.

CVE-2021-21772

2021-03-1000:00:00

talos

www.cve.org

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.7%

A use-after-free vulnerability exists in the NMR::COpcPackageReader::releaseZIP() functionality of 3MF Consortium lib3mf 2.0.0. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "3MF",
    "versions": [
      {
        "version": "3MF Consortium lib3mf 2.0.0",
        "status": "affected"
      }
    ]
  }
]

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IHMMHD2EOMIVJ7EKZTJJMX4C7E6ZRWDL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPBS642OYVA6DUKK3HZHEINVWEDZSMEU/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDGGB65YBQL662M3MOBNNJJNRNURW4TG/

security.gentoo.org/glsa/202208-01

talosintelligence.com/vulnerability_reports/TALOS-2020-1226

www.debian.org/security/2021/dsa-4887

www.talosintelligence.com/vulnerability_reports/TALOS-2021-1226

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.7%

Related for CVELIST:CVE-2021-21772

osv3 fedora3 ubuntu1 openvas6 debiancve1 cve1 prion1 mageia1 talos2 gentoo1 nessus5 nvd1 ubuntucve1 debian1