CVE-2021-45258

2021-12-22T00:00:00

Description

A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	20.04	gpac	any
ubuntu	22.04	gpac	any
ubuntu	upstream	gpac	any
ubuntu	14.04	gpac	any
ubuntu	upstream	gpac	any
ubuntu	16.04	gpac	any

{"id": "UB:CVE-2021-45258", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2021-45258", "description": "A stack overflow vulnerability exists in gpac 1.1.0 via the\ngf_bifs_dec_proto_list function, which causes a segmentation fault and\napplication crash.", "published": "2021-12-22T00:00:00", "modified": "2021-12-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2021-45258", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45258", "https://github.com/gpac/gpac/issues/1970", "https://github.com/gpac/gpac/commit/47a26a32c9a2cd630c48517c3e6ab2fa5f6a26ad", "https://nvd.nist.gov/vuln/detail/CVE-2021-45258", "https://launchpad.net/bugs/cve/CVE-2021-45258", "https://security-tracker.debian.org/tracker/CVE-2021-45258"], "cvelist": ["CVE-2021-45258"], "immutableFields": [], "lastseen": "2023-01-27T13:26:27", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cnvd", "idList": ["CNVD-2022-04824"]}, {"type": "cve", "idList": ["CVE-2021-45258"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-45258"]}, {"type": "veracode", "idList": ["VERACODE:34396"]}]}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-45258"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-45258"]}]}, "exploitation": null, "vulnersScore": 4.6}, "_state": {"dependencies": 1674826029, "score": 1674826180}, "_internal": {"score_hash": "5fa60d0c42519bfc484044d2550ea9f9"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "20.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}, {"OS": "ubuntu", "OSVersion": "22.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gpac"}], "bugs": []}

{"debiancve": [{"lastseen": "2022-07-04T05:59:21", "description": "A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-22T17:15:00", "type": "debiancve", "title": "CVE-2021-45258", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45258"], "modified": "2021-12-22T17:15:00", "id": "DEBIANCVE:CVE-2021-45258", "href": "https://security-tracker.debian.org/tracker/CVE-2021-45258", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-17T12:57:18", "description": "gpac is vulnerable to denial of service (DoS) attacks. A stack overflow vulnerability exists in the `gf_bifs_dec_proto_list` function, which causes a segmentation fault and application crash.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-26T23:54:52", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45258"], "modified": "2022-04-19T18:45:17", "id": "VERACODE:34396", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34396/summary", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2022-03-23T19:59:41", "description": "A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-22T17:15:00", "type": "cve", "title": "CVE-2021-45258", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45258"], "modified": "2021-12-28T14:32:00", "cpe": ["cpe:/a:gpac:gpac:1.1.0"], "id": "CVE-2021-45258", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45258", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:gpac:gpac:1.1.0:dev:*:*:*:*:*:*"]}], "cnvd": [{"lastseen": "2022-11-05T07:07:03", "description": "GPAC is an open source multimedia framework. a security vulnerability exists in GPAC 1.1.0, which stems from a stack overflow in the gf_bifs_dec_proto_list function that causes segmentation errors and application crashes. No detailed vulnerability details are available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-12-24T00:00:00", "type": "cnvd", "title": "GPAC Buffer Overflow Vulnerability (CNVD-2022-04824)", "bulletinFamily": "cnvd", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45258"], "modified": "2022-01-18T00:00:00", "id": "CNVD-2022-04824", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-04824", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}

CVE-2021-45258

Description

Affected Package

Related