Lucene search

[email protected]NVD:CVE-2021-32142

HistoryFeb 17, 2023 - 6:15 p.m.

CVE-2021-32142

2023-02-1718:15:10

CWE-787

[email protected]

web.nvd.nist.gov

buffer overflow

libraw

linux/unix

privilege escalation

cve-2021-32142

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.

Affected configurations

NVD

Node

librawlibrawMatch0.20.0

References

github.com/gtt1995

github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49

github.com/LibRaw/LibRaw/issues/400

lists.debian.org/debian-lts-announce/2023/05/msg00025.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5ICTVDRGBWGIFBTUWJLGX7QM5GWBWUG7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E7TEZ7CLRNYYQZJ5NJGZXK6YJU46WH2L/

www.debian.org/security/2023/dsa-5412

www.libraw.org/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

JSON

Related for NVD:CVE-2021-32142

debiancve1 nessus20 mageia1 osv7 redhat3 openvas8 cvelist1 almalinux2 oraclelinux3 rocky1 cve1 redhatcve1 rosalinux1 ubuntucve1 veracode1 fedora2 prion1 centos1 debian2 ubuntu1 slackware1 amazon1