CVSS2: 5.8 Medium (AV:N/AC:M/Au:N/C:P/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

CVSS3: 5.4 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | NONE |
Availability Impact | LOW |

EPSS: 0.002 Low (Percentile: 53.1%)

A flaw was found in the hivex library in versions before 1.3.20. It is
caused by a missing bounds check within the hivex_open function. An
attacker could supply a specially crafted Windows Registry (hive) file that
would cause hivex to read memory beyond its normal bounds or cause the
program to crash. The highest threat from this vulnerability is to system
availability.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | hivex | < 1.3.15-1ubuntu0.1 | UNKNOWN |
ubuntu | 20.04 | noarch | hivex | < 1.3.18-2ubuntu0.1 | UNKNOWN |
ubuntu | 21.04 | noarch | hivex | < 1.3.19-1ubuntu3.21.04.1 | UNKNOWN |
ubuntu | 21.10 | noarch | hivex | < 1.3.19-1ubuntu3.21.10.1 | UNKNOWN |
ubuntu | 22.04 | noarch | hivex | < any | UNKNOWN |
ubuntu | 23.10 | noarch | hivex | < any | UNKNOWN |
ubuntu | 24.04 | noarch | hivex | < any | UNKNOWN |
ubuntu | 14.04 | noarch | hivex | < 1.3.9-2ubuntu0.1~esm1 | UNKNOWN |

github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381
launchpad.net/bugs/cve/CVE-2021-3504
listman.redhat.com/archives/libguestfs/2021-May/msg00013.html
nvd.nist.gov/vuln/detail/CVE-2021-3504
security-tracker.debian.org/tracker/CVE-2021-3504
ubuntu.com/security/notices/USN-5148-1
ubuntu.com/security/notices/USN-5148-2
www.cve.org/CVERecord?id=CVE-2021-3504