CVE-2021-21828: Buffer Overflow
First published: Fri Aug 20 2021(Updated: )
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Att Xmill | =0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2021-21828?
The severity of CVE-2021-21828 is critical with a score of 9.8.
What is the affected software of CVE-2021-21828?
The affected software of CVE-2021-21828 is AT&T Labs Xmill 0.7.
How does CVE-2021-21828 impact security?
CVE-2021-21828 is a heap-based buffer overflow vulnerability that allows an attacker to execute arbitrary code or crash the vulnerable software, which can lead to remote code execution and potential takeover of the affected system.
Is there a fix available for CVE-2021-21828?
Yes, it is recommended to update to a patched version of AT&T Labs Xmill that addresses the vulnerability.
Where can I find more information about CVE-2021-21828?
More information about CVE-2021-21828 can be found at the following link: [Talos Intelligence - CVE-2021-21828](https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/att
- canonical/att xmill
- version/att xmill/0.7