What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-21814.

What is the severity of CVE-2021-21814?

The severity of CVE-2021-21814 is high.

What software is affected by CVE-2021-21814?

The software affected by CVE-2021-21814 is Att Xmill version 0.7.

What is the description of CVE-2021-21814?

CVE-2021-21814 is a vulnerability within the function HandleFileArg, where the argument filepattern, passed in by the user from the command line, is not properly checked for length, allowing potential buffer overflow.

How can I fix CVE-2021-21814?

To fix CVE-2021-21814, a patch or update should be applied to the Att Xmill software to properly validate and limit the length of the filepattern argument passed in by the user.

Vulnerability/
CVE-2021-21814

high

7.8

CWE

88 119

13/8/2021

3/8/2024

CVE-2021-21814: Buffer Overflow

First published: Fri Aug 13 2021(Updated: )

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occurs at an arbitrary offset from the buffer. An attacker can provide malicious input to trigger this vulnerability.

Credit: talos-cna@cisco.com

Affected Software	Affected Version	How to fix
Att Xmill	=0.7

Never miss a vulnerability like this again

Reference Links

https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-21814.
What is the severity of CVE-2021-21814?
The severity of CVE-2021-21814 is high.
What software is affected by CVE-2021-21814?
The software affected by CVE-2021-21814 is Att Xmill version 0.7.
What is the description of CVE-2021-21814?
CVE-2021-21814 is a vulnerability within the function HandleFileArg, where the argument filepattern, passed in by the user from the command line, is not properly checked for length, allowing potential buffer overflow.
How can I fix CVE-2021-21814?
To fix CVE-2021-21814, a patch or update should be applied to the Att Xmill software to properly validate and limit the length of the filepattern argument passed in by the user.

collector/nvd-index
agent/weakness
agent/author
agent/event
agent/severity
agent/references
agent/tags
agent/type
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/att
canonical/att xmill
version/att xmill/0.7

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.