CVE-2021-43412

CWE-416 — Use After Free4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 86.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Hurd

Timeline

PublishedNov 7

Latest updateMay 24

Description

An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be exploited for local privilege escalation to get full root access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDgnu/hurd< 0.9.20210404-9

🔴Vulnerability Details

GHSA

GHSA-x9rv-39rr-f53c: An issue was discovered in GNU Hurd before 0↗2022-05-24

▶

CVEList

CVE-2021-43412: An issue was discovered in GNU Hurd before 0↗2021-11-07

▶

📋Vendor Advisories

Debian

CVE-2021-43412: hurd - An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake...↗2021

▶