Lucene search
K
AttXmill

13 matches found

CVE
CVE
added 2021/08/13 10:40 p.m.125 views

CVE-2021-21813

AT&T Labs Xmill 0.7 contains a stack-based buffer overflow in the command-line handle argument path. In HandleFileArg, the filepattern supplied by the user is copied into a fixed-size buffer (400 bytes) via unsafe copy operations (memcpy/strcpy/strlen), without proper length checks. This can over...

7.8CVSS7.8AI score0.00333EPSS
CVE
CVE
added 2021/08/13 10:39 p.m.112 views

CVE-2021-21814

CVE-2021-21814 affects AT&T Labs’ Xmill 0.7, describing a vulnerability in the command-line parsing function HandleFileArg where the user-controlled filepattern is copied/stored without proper length checks. The literature shows multiple instances of buffer overflows (stack-based, via strcpy/memc...

7.8CVSS7.8AI score0.00344EPSS
CVE
CVE
added 2021/08/13 10:39 p.m.109 views

CVE-2021-21812

CVE-2021-21812 describes a stack-based buffer overflow in AT&T Labs’ Xmill 0.7, specifically in the command-line parsing HandleFileArg function. The vulnerability stems from copying user-controlled filepattern data into a fixed-size buffer with strcpy, allowing a path provided on the command line...

7.8CVSS7.9AI score0.00333EPSS
CVE
CVE
added 2021/08/13 10:43 p.m.107 views

CVE-2021-21815

CVE-2021-21815 : A stack-based buffer overflow exists in AT&T Labs’ Xmill 0.7, in the command-line parsing HandleFileArg. The user-controlled filepattern is copied into a fixed-size buffer without length checks (via strcpy), causing stack overflow. A crafted command-line input can trigger code ex...

7.8CVSS7.9AI score0.00333EPSS
CVE
CVE
added 2021/08/13 6:17 p.m.106 views

CVE-2021-21829

CVE-2021-21829 is a heap-based buffer overflow affecting AT&T Labs’ Xmill 0.7, in the XML Decompression EnumerationUncompressor::UncompressItem functionality. A specially crafted XMI file can lead to remote code execution. The vulnerability is documented across multiple sources (e.g., NVD and Red...

9.8CVSS9.8AI score0.02545EPSS
CVE
CVE
added 2021/08/13 6:16 p.m.98 views

CVE-2021-21830

AT&T Labs Xmill 0.7 contains a heap-based buffer overflow in the XML Decompression LabelDict::Load path that can be triggered by a crafted XMI file, leading to remote code execution. CVE-2021-21830 is the assigned identifier for this vulnerability, with Red Hat and CVE listings reiterating the sa...

9.8CVSS9.8AI score0.02274EPSS
CVE
CVE
added 2022/04/14 12:4 p.m.85 views

CVE-2022-26507

CVE-2022-26507 describes a heap-based/out-of-bounds read vulnerability in AT&T Labs Xmill 0.7 DecodeTreeBlock during XML decompression, leading to remote code execution. The 3.2.13 entry confirms CVE-2022-26507 as the vulnerability ID for an out-of-bounds read in XML Decompression DecodeTreeBlock...

9.8CVSS9AI score0.02277EPSS
CVE
CVE
added 2021/08/20 9:2 p.m.69 views

CVE-2021-21826

CVE-2021-21826 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, within XML Decompression DecodeTreeBlock. A crafted XMI file triggers a UINT32-derived length for an internal buffer, enabling a attacker-controlled input to overflow. The initial description confirms the vulnerability, includ...

9.8CVSS9.5AI score0.01136EPSS
CVE
CVE
added 2021/08/18 12:52 p.m.66 views

CVE-2021-21825

CVE-2021-21825 is a heap-based buffer overflow in AT&T Labs Xmill 0.7 (XML Decompression PlainTextUncompressor::UncompressItem). A crafted XMI file can trigger remote code execution. Affected products include Xmill 0.7; mitigation notes indicate updating to Schneider Electric EcoStruxure/Process ...

9.8CVSS9.8AI score0.02274EPSS
CVE
CVE
added 2021/08/31 4:56 p.m.63 views

CVE-2021-21811

CVE-2021-21811 is described across multiple connected documents as a memory corruption vulnerability in AT&T Labs’ Xmill 0.7, specifically in the XML-parsing CreateLabelOrAttrib functionality. The issue is a heap-based buffer overflow that can be triggered by a specially crafted XML file, potenti...

9.8CVSS9.5AI score0.01136EPSS
CVE
CVE
added 2021/08/20 9:3 p.m.63 views

CVE-2021-21828

CVE-2021-21828 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, specifically in the XML Decompression DecodeTreeBlock functionality. In the default DecodeTreeBlock path, a label is created via CurPath::AddLabel to track the label for later reference, and a crafted input file can trigger th...

9.8CVSS9.5AI score0.01136EPSS
CVE
CVE
added 2021/08/20 9:3 p.m.58 views

CVE-2021-21827

CVE-2021-21827 is a heap-based buffer overflow vulnerability in AT&T Labs Xmill 0.7, triggered by DecodeTreeBlock during XMI decompression. The vulnerability arises when a UINT32 read from the input is used as the length for a buffer during various decode paths, leading to unsafe copies via memcp...

9.8CVSS9.6AI score0.01136EPSS
CVE
CVE
added 2021/08/17 7:17 p.m.55 views

CVE-2021-21810

CVE-2021-21810 affects AT&T Labs’ Xmill 0.7; a memory corruption heap-based buffer overflow exists in the XML-parsing ParseAttribs functionality when processing malicious XML, potentially enabling remote code execution. Public references (e.g., Red Hat and CISA-ICS materials) describe this class ...

9.8CVSS9.5AI score0.01136EPSS