CVE-2021-21220
published 2021-04-26
CVE-2021-21220: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a…
Priority: P1 · 90 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS
70.44%
99.3th percentile
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| chromium | chromium | >= 0 < 90.0.4430.72-1 | 90.0.4430.72-1 |
| debian | chromium | < chromium 90.0.4430.72-1 (bookworm) | chromium 90.0.4430.72-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| — | chrome | < 89.0.4389.128 | 89.0.4389.128 |
| — | chrome | >= unspecified < 89.0.4389.128 | 89.0.4389.128 |
| — | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- Kaspersky detection verdicts for PuzzleMaker exploit chain artifacts: PDM:Exploit.Win32.Generic, PDM:Trojan.Win32.Generic, UDS:DangerousObject.Multi.Generic
- Monitor for creation of WmiPrvMon.exe and wmimon.dll under %SYSTEM% as indicators of the PuzzleMaker dropper payload associated with the CVE-2021-21220 exploit chain
- The CVE-2021-21220 PoC exploit requires a Uint32Array element of value 0x80000000 XORed with 0 followed by an add-1 operation to trigger the ChangeInt32ToInt64 type confusion in V8's JIT compiler; look for this pattern in JavaScript
- Many Water Labbu infrastructure links for loading additional scripts were no longer active at time of research; IOC coverage may be incomplete
CVSS provenance
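| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |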
GHSA
GHSA-5cw9-vvr5-jcwf: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89
ghsa_unreviewed·2022-05-24
CVE-2021-21220 [HIGH] CWE-119 GHSA-5cw9-vvr5-jcwf: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2021-21220: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89
osv·2021-04-26·CVSS 8.8
CVE-2021-21220 [HIGH] CVE-2021-21220: Insufficient validation of untrusted input in V8 in Google Chrome prior to 89
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
VulnCheck
Google Chromium V8 Improper Input Validation Vulnerability
vulncheck·2021·CVSS 8.8
CVE-2021-21220 [HIGH] CWE-20 Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium V8
Required Action: Apply updates per vendor instructions.
Exploitation References: https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://ti.qianxin.com/blog/articles/operation-dragon-dance-the-sword-of-damocles-hanging-over-the-gaming-industry/
Remediation Due: 2021-11-17
CISA
Google Chromium V8 Improper Input Validation Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2021-21220 [HIGH] CWE-20 Google Chromium V8 Improper Input Validation Vulnerability
Vulnerability: Google Chromium V8 Improper Input Validation Vulnerability
Affected: Google Chromium V8
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-21220
Remediation Due Date: 2021-11-17
Chrome
Stable Channel Update for Desktop: CVE-2021-21206
vendor_chrome·2021-04-13·CVSS 8.8
CVE-2021-21206 [HIGH] Stable Channel Update for Desktop: CVE-2021-21206
Stable Channel Update for Desktop
CVE-2021-21206: Use after free in Blink. Reported by Anonymous on 2021-04-07
[$N/A][1196683] High CVE-2021-21220: Insufficient validation of untrusted input in V8 for x86_64. Reported by Bruno Keith (@bkth_) & Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_it) via ZDI (ZDI-CAN-13569) on 2021-04-07
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
Microsoft
Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64
vendor_msrc·2021-04-13·CVSS 8.8
CVE-2021-21220 [HIGH] Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64
Chromium: CVE-2021-21220 Insufficient validation of untrusted input in V8 for x86_64
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
Microsoft is aware of reports that exploits for CVE-2021-21220 exist in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 89.0.774.77 | 4/14/2021 | 89.0.4389.128 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest v
Debian
CVE-2021-21220: chromium - Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0....
vendor_debian·2021·CVSS 8.8
CVE-2021-21220 [HIGH] CVE-2021-21220: chromium - Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0....
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 90.0.4430.72-1)
bullseye: resolved (fixed in 90.0.4430.72-1)
forky: resolved (fixed in 90.0.4430.72-1)
sid: resolved (fixed in 90.0.4430.72-1)
trixie: resolved (fixed in 90.0.4430.72-1)
No detection rules found.
Trendmicro
How Water Labbu Exploits Electron-Based Applications
blogs_trendmicro·2022-10-05·CVSS 8.8
[HIGH] How Water Labbu Exploits Electron-Based Applications
Cyber Threats
# How Water Labbu Exploits Electron-Based Applications
In the second part of our Water Labbu blog series, we explore how the threat actor exploits Electron-based applications using Cobalt Strike to deploy backdoors.
By: Joseph C Chen, Jaromir Horejsi
2022/10/05
In the first part of our Water Labbu blog series, we described how the threat actor used the fraudulent websites of other cryptocurrency scammers to steal cryptocurrency. In our second entry in the Water Labbu series, we would like to share how the threat actor leveraged a customer support application to compromise scammers and patched the application using malicious code.
During our investigation, we managed to find a staged Cobalt Strike loader on VirusTotal (SHA-256: b81edcbf1a
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Trendmicro
Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021
blogs_trendmicro·2021-12-09·CVSS 8.8
CVE-2021-21220 [HIGH] Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021
# Understanding the Root Cause of CVE-2021-21220 – A Chrome Bug from Pwn2Own 2021
Understand the root cause of CVE-2021-21220, a Chrome bug from Pwn2Own 2021, with this post.
By: Zero Day Initiative
2021/12/09
In this second blog in the series, ZDI Vulnerability Researcher Hossein Lotfi looks at the root cause of CVE-2021-21220. This bug was used by Bruno Keith (@bkth_) and Niklas Baumstark (@_niklasb) of Dataflow Security (@dfsec_com) during Pwn2Own Vancouver 2021 to exploit both Chrome and Edge (Chromium) to earn $100,000 at the event. Today’s blog starts with a look at how to trigger the vulnerability and goes on to describe why the bug occurs.
I begin Part 2 of this blog series with a discussion of how to trigger the vulnerability. For clarity, I
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Table of Contents
Overview
Directive Scope
CISA Catalog of Known Exploited Vulnerabilities
Detect CISAs Vulnerabilities Using Qualys VMDR
Remediation
Federal Enterprises and Agencies Can Act Now
Summary
Getting Started
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Securelist
IT threat evolution in Q2 2021. PC statistics
blogs_securelist·2021-08-12
IT threat evolution in Q2 2021. PC statistics
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by cybercriminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2021:
- Kaspersky solutions blocked 1,686,025,551 attacks from online resources across the globe.
- Web antivirus recognized 675,832,360 unique URLs as malicious.
- Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 119,252 unique users.
- Ransomware attacks were defeated on the computers
Checkpoint
14th June – Threat Intelligence Report
blogs_checkpoint·2021-06-14
CVE-2021-21220 14th June – Threat Intelligence Report
## 14th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 14th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Audi and Volkswagen have experienced data breaches that affected 3.3 million customers. Between August 2019 and May 2021, unsecured data was left exposed on the internet by a mutual vendor. During that time, an unauthorized threat actor accessed the data.
Researchers have observed a new wave of DDoS extortion by Fancy Lazarus,
Securelist
PuzzleMaker attacks with Chrome zero-day exploit chain
blogs_securelist·2021-06-08·CVSS 5.5
[MEDIUM] PuzzleMaker attacks with Chrome zero-day exploit chain
Table of Contents
Remote code execution exploit
Elevation of privilege exploit
Malware modules
IoCs
Authors
Costin Raiu
Boris Larin
Alexey Kulaev
On April 14-15, 2021, Kaspersky technologies detected a wave of highly targeted attacks against multiple companies. Closer analysis revealed that all these attacks exploited a chain of Google Chrome and Microsoft Windows zero-day exploits. While we were not able to retrieve the exploit used for remote code execution (RCE) in the Chrome web browser, we were able to find and analyze an elevation of privilege (EoP) exploit that was used to escape the sandbox and obtain system privileges.
The elevation of privilege exploit was fine-tuned to work against the latest and most prominent builds of Windows 10 (17763 – RS5, 18362 – 19H1, 18363 – 1
Crowdstrike
Patch Tuesday 2021: A Vulnerability Deep Dive
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] Patch Tuesday 2021: A Vulnerability Deep Dive
arXiv
A Survey on Data-driven Software Vulnerability Assessment and Prioritization
arxiv_fulltext·2022-04-04
A Survey on Data-driven Software Vulnerability Assessment and Prioritization
Triet H. M. Le
Huaming Chen
CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide
Adelaide
Australia
M. Ali Babar
CREST - The Centre for Research on Engineering Software Technologies, The University of Adelaide
Adelaide
Australia
Cyber Security Cooperative Research Centre
Australia
## Abstract
Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners
CWE
Improper Input Validation
mitre_cwe
CWE-20 Improper Input Validation
CWE-20: Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Input validation is a frequently-used technique for checking potentially dangerous inputs in order to ensure that the inputs are safe for processing within the code, or when communicating with other components. Input can consist of:
- raw data - strings, numbers, parameters, file contents, etc.
- metadata - information about the raw data, such as headers or size
Data can be simple or structured. Structured data can be composed of many nested layers, composed of combinations of metadata and raw data, with other simple or structured data. Many properties of raw data or metadata may n
CWE
Out-of-bounds Write
mitre_cwe
CWE-787 Out-of-bounds Write
CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory, Execute Unauthorized Code or Commands. Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other. Impact: Unexpected State. Subsequent write operations can produce undefined or unexpected results.
Detection Methods:
Automated Static Analysis: This weakness can often be detected using automated s
- http://packetstormsecurity.com/files/162437/Google-Chrome-XOR-Typer-Out-Of-Bounds-Access-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/176210/Chrome-V8-JIT-XOR-Arbitrary-Code-Execution.html
- https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop.html
- https://crbug.com/1196683
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EAJ42L4JFPBJATCZ7MOZQTUDGV4OEHHG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3GZ42MYPGD35V652ZPVPYYS7A7LVXVY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUZBGKGVZADNA3I24NVG7HAYYUTOSN5A/
- https://security.gentoo.org/glsa/202104-08
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21220
Published: 2021-04-26
Added to CISA KEV: 2021-11-03
Exploited in the wild