Lucene search

GoogleOSV:CVE-2021-42521

HistoryAug 25, 2022 - 6:15 p.m.

CVE-2021-42521

2022-08-2518:15:09

Google

osv.dev

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.5%

JSON

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn’t check the return value of libxml2 API ‘xmlDocGetRootElement’, and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.

CPENameOperatorVersion
vtkeq5.0.4
vtkeq8.1.0
vtkeq4.2.2
vtkeq1.3.x
vtkeq9.0.0.rc2
vtkeq2.2.x
vtkeq2.3.x
vtkeq6.1.0
vtkeq6.0.0.rc3
vtkeq7.0.0

Name	Operator	Version
vtk	eq	5.0.4
vtk	eq	8.1.0
vtk	eq	4.2.2
vtk	eq	1.3.x
vtk	eq	9.0.0.rc2
vtk	eq	2.2.x
vtk	eq	2.3.x
vtk	eq	6.1.0
vtk	eq	6.0.0.rc3
vtk	eq	7.0.0

Rows per page:

1-10 of 771

References

discourse.vtk.org/t/vtk-9-2-5-is-out/10549

gitlab.kitware.com/vtk/vtk/issues/17818

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCTMSAAVP4BW2HTZLDWMGKZ2WEC5OFLK/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

51.5%

JSON

Related for OSV:CVE-2021-42521