CVE-2021-26220Out-of-bounds Write in Project Ezxml

CWE-787Out-of-bounds Write4 documents4 sources
Severity
8.1HIGHNVD
EPSS
0.4%
top 36.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Debian MapcacheDebian NetcdfDebian Netcdf-parallel+2 more
Timeline
PublishedFeb 8
Latest updateMay 24

Description

The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

debiandebian/netcdf< netcdf 1:4.9.0-1 (bookworm)
debiandebian/scilab< netcdf 1:4.9.0-1 (bookworm)
debiandebian/mapcache< netcdf 1:4.9.0-1 (bookworm)
debiandebian/netcdf-parallel< netcdf 1:4.9.0-1 (bookworm)

🔴Vulnerability Details

2
GHSA
GHSA-9v38-f7c4-w54w: The ezxml_toxml function in ezxml 02022-05-24
OSV
CVE-2021-26220: The ezxml_toxml function in ezxml 02021-02-08

📋Vendor Advisories

1
Debian
CVE-2021-26220: mapcache - The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write w...2021
CVE-2021-26220 — Out-of-bounds Write in Project Ezxml | cvebase