QID 670988

Hive files are the undocumented binary files that Windows uses to store the Windows Registry on disk. Hivex is a library that can read and write to these files. 'hivexsh' is a shell you can use to interactively navigate a hive binary file. 'hivexregedit' (in perl-hivex) lets you export and merge to the textual regedit format. 'hivexml' can be used to convert a hive file to a more useful XML format. In order to get access to the hive files themselves, you can copy them from a Windows machine. They are usually found in %systemroot%\system32\config. For virtual machines we recommend using libguestfs or guestfish to copy out these files. libguestfs also provides a useful high-level tool called 'virt-win-reg' (based on hivex technology) which can be used to query specific registry keys in an existing Windows VM. For OCaml bindings, see 'ocaml-hivex-devel'. For Perl bindings, see 'perl-hivex'. For Python 2 bindings, see 'python2-hivex'. For Python 3 bindings, see 'python3-hivex'. For Ruby bindings, see 'ruby-hivex'. Security Fix(es): A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.(CVE-2021-3622)
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

An arbitrary attacker may exploit this vulnerability to compromise the system.