CVE-2021-45972 — Improper Validation of Specified Quantity in Input in Project Giftrans

CWE-1284 — Improper Validation of Specified Quantity in Input CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.2%

top 59.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Linux Giftrans Project Giftrans Debian Giftrans

Timeline

PublishedJan 1

Latest updateJan 2

Description

The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶debiandebian/giftrans

▶NVDgiftrans_project/giftrans1.12.2

Also affects: Debian Linux 10.0, 11.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-mvg4-4v3q-g4xj: The giftrans function in giftrans 1↗2022-01-02

▶

OSV

CVE-2021-45972: The giftrans function in giftrans 1↗2022-01-01

▶

📋Vendor Advisories

Debian

CVE-2021-45972: giftrans - The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow ...↗2021

▶