CVE-2021-21815: Buffer Overflow
First published: Fri Aug 13 2021(Updated: )
A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Att Xmill | =0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-21815?
CVE-2021-21815 is a stack-based buffer overflow vulnerability in the HandleFileArg function of AT&T Labs' Xmill 0.7.
How severe is CVE-2021-21815?
CVE-2021-21815 has a severity rating of 7.8, which is considered high.
How does CVE-2021-21815 affect AT&T Labs' Xmill 0.7?
CVE-2021-21815 affects AT&T Labs' Xmill 0.7 by allowing an attacker to exploit a stack-based buffer overflow vulnerability in the HandleFileArg function.
What is the CWE ID for CVE-2021-21815?
CVE-2021-21815 has two CWE IDs: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write).
Is there a fix available for CVE-2021-21815?
Yes, there is a fix available for CVE-2021-21815. It is recommended to update to a version of AT&T Labs' Xmill that is not affected by this vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/att
- canonical/att xmill
- version/att xmill/0.7