CVE-2021-3504
Summary
| CVE | CVE-2021-3504 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2021-05-11 23:15:00 UTC |
|---|
| Updated | 2023-11-07 03:38:00 UTC |
|---|
| Description | A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| [SECURITY] Fedora 34 Update: hivex-1.3.20-1.fc34 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] Fedora 34 Update: hivex-1.3.20-1.fc34 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| [SECURITY] Fedora 33 Update: hivex-1.3.20-1.fc33 - package-announce - Fedora Mailing-Lists |
|
lists.fedoraproject.org |
|
| [SECURITY] [DLA 2656-1] hivex security update |
MLIST |
lists.debian.org |
|
| [SECURITY] Fedora 33 Update: hivex-1.3.20-1.fc33 - package-announce - Fedora Mailing-Lists |
FEDORA |
lists.fedoraproject.org |
|
| 1949687 – (CVE-2021-3504) CVE-2021-3504 hivex: Buffer overflow when provided invalid node key length |
MISC |
bugzilla.redhat.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159259 Oracle Enterprise Linux Security Update for hivex (ELSA-2021-2318)
- 159343 Oracle Enterprise Linux Security Update for virt:ol and virt-devel:rhel (ELSA-2021-3061)
- 178589 Debian Security Update for hivex (DLA 2656-1)
- 178615 Debian Security Update for hivex (DSA 4913-1)
- 178630 Debian Security Update for hivex (DSA 4913-1)
- 180238 Debian Security Update for hivex (CVE-2021-3504)
- 198572 Ubuntu Security Notification for hivex Vulnerability (USN-5148-1)
- 239402 Red Hat Update for hivex (RHSA-2021:2318)
- 239539 Red Hat Update for virt:rhel and virt-devel:rhel (RHSA-2021:3061)
- 257089 CentOS Security Update for hivex (CESA-2021:2318)
- 281208 Fedora Security Update for hivex (FEDORA-2021-da76643229)
- 281209 Fedora Security Update for hivex (FEDORA-2021-b71cc4df92)
- 352398 Amazon Linux Security Advisory for hivex: ALAS2-2021-1658
- 377227 Alibaba Cloud Linux Security Update for hivex (ALINUX2-SA-2021:0034)
- 377346 Alibaba Cloud Linux Security Update for virt:rhel and virt-devel:rhel (ALINUX3-SA-2021:0058)
- 501580 Alpine Linux Security Update for hivex
- 501866 Alpine Linux Security Update for hivex
- 670539 EulerOS Security Update for hivex (EulerOS-SA-2021-2297)
- 670574 EulerOS Security Update for hivex (EulerOS-SA-2021-2332)
- 670622 EulerOS Security Update for hivex (EulerOS-SA-2021-2380)
- 750035 SUSE Enterprise Linux Security Update for hivex (SUSE-SU-2021:1761-1)
- 750036 SUSE Enterprise Linux Security Update for hivex (SUSE-SU-2021:1760-1)
- 750041 SUSE Enterprise Linux Security Update for hivex (SUSE-SU-2021:1761-1)
- 750042 SUSE Enterprise Linux Security Update for hivex (SUSE-SU-2021:1760-1)
- 750073 SUSE Enterprise Linux Security Update for hivex (SUSE-SU-2021:1761-1)
- 750187 OpenSUSE Security Update for hivex (openSUSE-SU-2021:0806-1)
- 750761 OpenSUSE Security Update for hivex (openSUSE-SU-2021:1761-1)
- 901206 Common Base Linux Mariner (CBL-Mariner) Security Update for hivex (6472)
- 902325 Common Base Linux Mariner (CBL-Mariner) Security Update for hivex (6472-1)
- 940064 AlmaLinux Security Update for virt:rhel and virt-devel:rhel (ALSA-2021:3061)
- 960072 Rocky Linux Security Update for virt:rhel and virt-devel:rhel (RLSA-2021:3061)
