Halibut Project Halibut vulnerabilities

CVE-2021-42612 [HIGH] CWE-416 CVE-2021-42612: A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentati A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

CVE-2021-42613 [HIGH] CWE-415 CVE-2021-42613: A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of ser A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVE-2021-42614 [HIGH] CWE-416 CVE-2021-42614: A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a se A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

CVE-2021-31819 [CRITICAL] CWE-502 Remote Code Execution in Halibut Remote Code Execution in Halibut In Halibut versions prior to 4.4.7 there is a deserialisation vulnerability that could allow remote code execution on systems that already trust each other based on certificate verification.