Lucene search

[email protected]NVD:CVE-2021-26826

HistoryFeb 08, 2021 - 3:15 p.m.

CVE-2021-26826

2021-02-0815:15:12

CWE-787

[email protected]

web.nvd.nist.gov

stack overflow

godot engine

boundary checks

.tga image files

code execution

system crash

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.1%

JSON

A stack overflow issue exists in Godot Engine up to v3.2 and is caused by improper boundary checks when loading .TGA image files. Depending on the context of the application, attack vector can be local or remote, and can lead to code execution and/or system crash.

Affected configurations

Nvd

Node

godotenginegodot_engineRange≤3.2

VendorProductVersionCPE
godotenginegodot_engine*cpe:2.3:a:godotengine:godot_engine:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
godotengine	godot_engine	*	cpe:2.3:a:godotengine:godot_engine::::::::

References

github.com/godotengine/godot/pull/45701

github.com/godotengine/godot/pull/45701/commits/403e4fd08b0b212e96f53d926e6273e0745eaa5a

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

62.1%

JSON

Related for NVD:CVE-2021-26826

osv3 gitlab1 cvelist1 prion1 ubuntucve1 debiancve1 cve1 archlinux1