CVE-2021-3756: Heap-based Buffer Overflow in Libmysofa

Severity: 9.8 CRITICAL (NVD)
EPSS: 0.3% (top 44.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 29 | Latest update May 24

Description

libmysofa is vulnerable to Heap-based Buffer Overflow

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (4 packages)

Source | Package | Affected versions
debian | debian/libmysofa | < libmysofa 1.2.1~dfsg0-1 (bookworm)
NVD | symonics/libmysofa | < 1.2.1
CVEListV5 | hoene/hoene_libmysofa | unspecified 1.2.1
Debian | symonics/libmysofa | < 1.2.1~dfsg0-1+2

Also affects: Fedora 34, 35

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-ph84-4hmc-hhqm: libmysofa is vulnerable to Heap-based Buffer Overflow (2022-05-24)
OSV: CVE-2021-3756: libmysofa is vulnerable to Heap-based Buffer Overflow (2021-10-29)

📋 Vendor Advisories (2)

Ubuntu: libmysofa vulnerability (2021-12-08)
Debian: CVE-2021-3756: libmysofa - libmysofa is vulnerable to Heap-based Buffer Overflow (2021)