CVE-2021-29672

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGH
EPSS
0.1%
top 74.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Spectrum Protect ClientIBM Spectrum Protect FOR Space Management
Timeline
PublishedApr 26
Latest updateMay 24

Description

IBM Spectrum Protect Client 8.1.0.0-8 through 1.11.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking when processing the current locale settings. A local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash. IBM X-Force ID: 199479

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDibm/spectrum_protect_client8.1.0.08.1.11.0
NVDibm/spectrum_protect8.1.0.08.1.11.0
CVEListV5ibm/spectrum_protect_for_space_management8.1.0.0, 8.1.11.0+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-mxfj-3796-w53x: IBM Spectrum Protect Client 82022-05-24
CVEList
CVE-2021-29672: IBM Spectrum Protect Client 82021-04-26
CVE-2021-29672 (HIGH CVSS 7.8) | IBM Spectrum Protect Client 8.1.0.0 | cvebase.io