Lucene search

PRIOn knowledge basePRION:CVE-2021-4327

HistoryMar 01, 2023 - 11:15 a.m.

Integer overflow

2023-03-0111:15:00

PRIOn knowledge base

www.prio-n.com

serenityos

critical vulnerability

integer overflow

function

initialize_typed_array_from_array_buffer

library

userland

libjs

runtime

typedarray

manipulation

exploit

public disclosure

continuous delivery

rolling releases

patch

identifier

vdb-222074

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON

A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability.

CPENameOperatorVersion
serenityoseq< 2021127

CPE	Name	Operator	Version
	serenityos	eq	< 2021127

References

devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html

github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60

vuldb.com/?ctiid.222074

vuldb.com/?id.222074