What is the severity of CVE-2021-29672?

The severity of CVE-2021-29672 is high with a CVSS score of 8.4.

Which software versions are affected by CVE-2021-29672?

IBM Spectrum Protect Client versions 8.1.0.0-8 through 1.11.0 and IBM Spectrum Protect for Space Management versions 8.1.0.0-8 through 1.11.0 are affected.

How does CVE-2021-29672 exploit work?

CVE-2021-29672 is a stack-based buffer overflow vulnerability that is exploited by a local attacker overflowing a buffer and executing arbitrary code on the system with elevated privileges or causing a denial-of-service condition.

Are there any references available for CVE-2021-29672?

Yes, you can find references for CVE-2021-29672 at the following links: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/199479), [Reference 2](https://security.gentoo.org/glsa/202209-02), [Reference 3](https://www.ibm.com/support/pages/node/6445497).

What is the Common Weakness Enumeration (CWE) ID for CVE-2021-29672?

The Common Weakness Enumeration (CWE) ID for CVE-2021-29672 is CWE-119 and CWE-787.

Vulnerability/
CVE-2021-29672

high

8.4

CWE

787 119

23/4/2021

26/4/2021

17/9/2024

CVE-2021-29672: Buffer Overflow

First published: Fri Apr 23 2021(Updated: )

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Spectrum Protect client	>=8.1.0.0<=8.1.11.0
Ibm Spectrum Protect For Space Management	>=8.1.0.0<=8.1.11.0
	<=8.1.0.0-8.1.11.07.1.0.0-7.1.8.10
	<=8.1.0.0-8.1.11.07.1.0.0-7.1.8.10

Remedy

https://www.ibm.com/support/pages/node/6445497

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6445497

Frequently Asked Questions

What is the severity of CVE-2021-29672?
The severity of CVE-2021-29672 is high with a CVSS score of 8.4.
Which software versions are affected by CVE-2021-29672?
IBM Spectrum Protect Client versions 8.1.0.0-8 through 1.11.0 and IBM Spectrum Protect for Space Management versions 8.1.0.0-8 through 1.11.0 are affected.
How does CVE-2021-29672 exploit work?
CVE-2021-29672 is a stack-based buffer overflow vulnerability that is exploited by a local attacker overflowing a buffer and executing arbitrary code on the system with elevated privileges or causing a denial-of-service condition.
Are there any references available for CVE-2021-29672?
Yes, you can find references for CVE-2021-29672 at the following links: [Reference 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/199479), [Reference 2](https://security.gentoo.org/glsa/202209-02), [Reference 3](https://www.ibm.com/support/pages/node/6445497).
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-29672?
The Common Weakness Enumeration (CWE) ID for CVE-2021-29672 is CWE-119 and CWE-787.

collector/nvd-index
agent/type
agent/last-modified-date
agent/first-publish-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/severity
agent/references
agent/remedy
agent/author
agent/weakness
agent/softwarecombine
agent/description
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm spectrum protect client
version/ibm spectrum protect client/8.1.0.0
version/ibm spectrum protect client/8.1.11.0
canonical/ibm spectrum protect for space management
version/ibm spectrum protect for space management/8.1.0.0
version/ibm spectrum protect for space management/8.1.11.0
canonical/ibm spectrum protect backup-archive client
version/ibm spectrum protect backup-archive client/8.1.0.0-8.1.11.07.1.0.0-7.1.8.10
version/ibm spectrum protect for space management/8.1.0.0-8.1.11.07.1.0.0-7.1.8.10