CVE-2021-23180
Published 2022-03-02
Priority P336 · high · 7.8 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.27% (66.1th percentile)
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | htmldoc | < htmldoc 1.9.11-4 (bookworm) | htmldoc 1.9.11-4 (bookworm) |
| htmldoc_project | htmldoc | <= 1.9.12 | — |
| htmldoc_project | htmldoc | — | — |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
| htmldoc_project | htmldoc | >= 0 < 1.9.11-4 | 1.9.11-4 |
CVSS provenance
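| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 7.8 | HIGH | — |
| vendor_debian | — | 7.8 | LOW | — |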
GHSA
GHSA-77xx-wx8p-7pfj: A flaw was found in htmldoc in v1
ghsa_unreviewed·2022-03-04
CVE-2021-23180 [HIGH] CWE-476 GHSA-77xx-wx8p-7pfj: A flaw was found in htmldoc in v1
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service.
OSV
CVE-2021-23180: A flaw was found in htmldoc in v1
osv·2022-03-02·CVSS 7.8
CVE-2021-23180 [HIGH] CVE-2021-23180: A flaw was found in htmldoc in v1
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service.
Ubuntu
HTMLDOC vulnerability
vendor_ubuntu·2021-12-16
CVE-2021-23180 HTMLDOC vulnerability
Title: HTMLDOC vulnerability
Summary: HTMLDOC could be made to crash if it received specially crafted input.
It was discovered that HTMLDOC improperly handled malformed URIs from an input html file. An attacker could use this to cause a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-23180: htmldoc - A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in f...
vendor_debian·2021·CVSS 7.8
CVE-2021-23180 [HIGH] CVE-2021-23180: htmldoc - A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in f...
A flaw was found in htmldoc in v1.9.12 and before. Null pointer dereference in file_extension() in file.c may lead to arbitrary code execution and denial of service.
Scope: local
bookworm: resolved (fixed in 1.9.11-4)
bullseye: resolved (fixed in 1.9.11-4)
forky: resolved (fixed in 1.9.11-4)
sid: resolved (fixed in 1.9.11-4)
trixie: resolved (fixed in 1.9.11-4)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1967041
https://github.com/michaelrsweet/htmldoc/commit/19c582fb32eac74b57e155cffbb529377a9e751a
https://github.com/michaelrsweet/htmldoc/issues/418
https://ubuntu.com/security/CVE-2021-23180
Published: 2022-03-02