CVE-2021-3504

MEDIUM Year: 2021
CVSS v3 Score
5.4
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-125
View all →

Vulnerability Description

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Related Vulnerabilities

CVE-2018-16890

MEDIUM
CVSS:5.4(Medium)

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does ...

CWE-1252018

CVE-2019-17595

MEDIUM
CVSS:5.4(Medium)

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

CWE-1252019

CVE-2020-11086

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1....

CWE-1252020

CVE-2020-11087

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.

CWE-1252020

CVE-2020-11088

MEDIUM
CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.

CWE-1252020

CVE-2020-11095

MEDIUM
CVSS:5.4(Medium)

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is ...

CWE-1252020