CVE-2021-21812: Buffer Overflow
First published: Fri Aug 13 2021(Updated: )
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Att Xmill | =0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-21812.
What is the severity of CVE-2021-21812?
The severity of CVE-2021-21812 is high (7.8).
What is the affected software?
The affected software is AT&T Labs’ Xmill 0.7.
What is the description of CVE-2021-21812?
CVE-2021-21812 is a stack-based buffer overflow vulnerability in the HandleFileArg function of AT&T Labs’ Xmill 0.7, which allows an attacker to control the filepattern argument from the command line and exploit it using strcpy.
How can I fix CVE-2021-21812?
Update AT&T Labs’ Xmill to the latest version available, as a fix for CVE-2021-21812.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/att
- canonical/att xmill
- version/att xmill/0.7