CVE-2021-21783: Integer Overflow
First published: Thu Mar 25 2021(Updated: )
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Genivia gSOAP | =2.8.107 | |
| Oracle Communications Diameter Signaling Router | >=8.0.0<=8.5.0 | |
| Oracle Communications EAGLE Application Processor | >=16.1.0<=16.4.0 | |
| Oracle Communications Eagle Lnp Application Processor | =46.7 | |
| Oracle Communications Eagle Lnp Application Processor | =46.8 | |
| Oracle Communications Eagle Lnp Application Processor | =46.9 | |
| Oracle Communications Lsms | =13.1 | |
| Oracle Communications Lsms | =13.2 | |
| Oracle Communications Lsms | =13.3 | |
| Oracle Communications Lsms | =13.4 | |
| Oracle Tekelec Virtual Operating Environment | >=3.4.0<=3.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-21783?
CVE-2021-21783 is a code execution vulnerability in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107.
What is the severity of CVE-2021-21783?
CVE-2021-21783 has a severity rating of 9.8 (Critical).
Which software is affected by CVE-2021-21783?
Genivia gSOAP 2.8.107, Oracle Communications Diameter Signaling Router (version 8.0.0 to 8.5.0), Oracle Communications EAGLE Application Processor (version 16.1.0 to 16.4.0), Oracle Communications Eagle Lnp Application Processor (version 46.7 to 46.9), Oracle Communications Lsms (version 13.1 to 13.4), and Oracle Tekelec Virtual Operating Environment (version 3.4.0 to 3.7.1) are affected by CVE-2021-21783.
How can CVE-2021-21783 be exploited?
CVE-2021-21783 can be exploited by sending a specially crafted SOAP request to the affected software, leading to remote code execution.
Where can I find more information about CVE-2021-21783?
You can find more information about CVE-2021-21783 at the following references: [Talos Intelligence](https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245), [Oracle Security Alerts - January 2022](https://www.oracle.com/security-alerts/cpujan2022.html), [Oracle Security Alerts - October 2021](https://www.oracle.com/security-alerts/cpuoct2021.html).
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/event
- agent/references
- agent/description
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/genivia
- canonical/genivia gsoap
- version/genivia gsoap/2.8.107
- vendor/oracle
- canonical/oracle communications diameter signaling router
- version/oracle communications diameter signaling router/8.0.0
- version/oracle communications diameter signaling router/8.5.0
- canonical/oracle communications eagle application processor
- version/oracle communications eagle application processor/16.1.0
- version/oracle communications eagle application processor/16.4.0
- canonical/oracle communications eagle lnp application processor
- version/oracle communications eagle lnp application processor/46.7
- version/oracle communications eagle lnp application processor/46.8
- version/oracle communications eagle lnp application processor/46.9
- canonical/oracle communications lsms
- version/oracle communications lsms/13.1
- version/oracle communications lsms/13.2
- version/oracle communications lsms/13.3
- version/oracle communications lsms/13.4
- canonical/oracle tekelec virtual operating environment
- version/oracle tekelec virtual operating environment/3.4.0
- version/oracle tekelec virtual operating environment/3.7.1