CVE-2021-27791

MEDIUM Year: 2021
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

The function that is used to parse the Authentication header in Brocade Fabric OS Web application service before Brocade Fabric OS v9.0.1a and v8.2.3a fails to properly process a malformed authentication header from the client, resulting in reading memory addresses outside the intended range. An unauthenticated attacker could discover a request, which could bypass the authentication process.

Related Vulnerabilities

CVE-2018-16890

MEDIUM
CVSS:5.4(Medium)

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does ...

CWE-1252018

CVE-2019-17595

MEDIUM
CVSS:5.4(Medium)

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CWE-1252019

CVE-2020-11086

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1....

CWE-1252020

CVE-2020-11087

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.

CWE-1252020

CVE-2020-11088

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.

CWE-1252020

CVE-2020-11095

MEDIUM
CVSS:5.4(Medium)

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is ...

CWE-1252020