Common Weakness Enumeration

CWE-416

Allowed

Use After Free

Abstraction: Variant · Status: Stable

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

9813 vulnerabilities reference this CWE, most recent first.

CVE-2021-34324 (GCVE-0-2021-34324)

Vulnerability from cvelistv5 – Published: 2021-07-13 11:03 – Updated: 2024-08-04 00:05
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Siemens JT2Go Affected: All versions < V13.2
Create a notification for this product.
Siemens Teamcenter Visualization Affected: All versions < V13.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:05:52.505Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        },
        {
          "product": "Teamcenter Visualization",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T10:06:50.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-34324",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JT2Go",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Teamcenter Visualization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The Jt981.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13420)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-862/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-34324",
    "datePublished": "2021-07-13T11:03:40.000Z",
    "dateReserved": "2021-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:05:52.505Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34301 (GCVE-0-2021-34301)

Vulnerability from cvelistv5 – Published: 2021-07-13 11:03 – Updated: 2024-08-04 00:05
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Siemens JT2Go Affected: All versions < V13.2
Create a notification for this product.
Siemens Teamcenter Visualization Affected: All versions < V13.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:05:52.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        },
        {
          "product": "Teamcenter Visualization",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T10:07:32.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-34301",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JT2Go",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Teamcenter Visualization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-873/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-34301",
    "datePublished": "2021-07-13T11:03:18.000Z",
    "dateReserved": "2021-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:05:52.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-34298 (GCVE-0-2021-34298)

Vulnerability from cvelistv5 – Published: 2021-07-13 11:03 – Updated: 2024-08-04 00:05
VLAI
Summary
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)
Severity
No CVSS data available.
CWE
Assigner
References
Impacted products
Vendor Product Version
Siemens JT2Go Affected: All versions < V13.2
Create a notification for this product.
Siemens Teamcenter Visualization Affected: All versions < V13.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:05:52.453Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "JT2Go",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        },
        {
          "product": "Teamcenter Visualization",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-19T10:06:15.000Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2021-34298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "JT2Go",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Teamcenter Visualization",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions \u003c V13.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Siemens"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.2), Teamcenter Visualization (All versions \u003c V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf",
              "refsource": "MISC",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-483182.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-872/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-34298",
    "datePublished": "2021-07-13T11:03:15.000Z",
    "dateReserved": "2021-06-08T00:00:00.000Z",
    "dateUpdated": "2024-08-04T00:05:52.453Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33796 (GCVE-0-2021-33796)

Vulnerability from cvelistv5 – Published: 2023-07-07 17:55 – Updated: 2024-11-12 19:49
VLAI
Summary
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MuJS MuJS Affected: 1.1.1 , ≤ all (rpm)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:23.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T19:48:43.732741Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-12T19:49:00.304Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MuJS",
          "vendor": "MuJS",
          "versions": [
            {
              "lessThanOrEqual": "all",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cpre\u003eIn MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.\u003c/pre\u003e"
            }
          ],
          "value": "In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-131",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-131 Resource Leak Exposure"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-07T17:55:00.630Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-33796",
    "datePublished": "2023-07-07T17:55:00.630Z",
    "dateReserved": "2021-06-02T17:24:42.913Z",
    "dateUpdated": "2024-11-12T19:49:00.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33641 (GCVE-0-2021-33641)

Vulnerability from cvelistv5 – Published: 2023-01-20 00:00 – Updated: 2025-04-03 20:03
VLAI
Summary
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
n/a byacc Affected: <1.9.20200330 and <2.0.20210808
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-33641",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T15:37:25.468877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-03T20:03:08.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "byacc",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c1.9.20200330 and \u003c2.0.20210808"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 : use after free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-20T00:00:00.000Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://gitee.com/src-openeuler/byacc/commit/50225f48c6b53e9d7c936681a06682404cb8ec4d"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33641",
    "datePublished": "2023-01-20T00:00:00.000Z",
    "dateReserved": "2021-05-28T00:00:00.000Z",
    "dateUpdated": "2025-04-03T20:03:08.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33640 (GCVE-0-2021-33640)

Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:58
VLAI
Summary
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:58:21.909Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640\u0026packageName=libtar"
          },
          {
            "name": "FEDORA-2022-88772d0a2d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
          },
          {
            "name": "FEDORA-2022-ccc68b06cc",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-33640",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T14:57:23.132306Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T14:58:03.494Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openEuler 22.03 LTS",
          "vendor": "openEuler",
          "versions": [
            {
              "status": "affected",
              "version": " libtar 1.2.20-21"
            }
          ]
        },
        {
          "product": "openEuler 20.03 LTS SP1",
          "vendor": "openEuler",
          "versions": [
            {
              "status": "affected",
              "version": " libtar 1.2.20-19"
            }
          ]
        },
        {
          "product": "openEuler 20.03 LTS SP3",
          "vendor": "openEuler",
          "versions": [
            {
              "status": "affected",
              "version": " libtar 1.2.20-19"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t-\u003eth_buf) . As a result, the released memory is used (use-after-free)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-28T00:00:00.000Z",
        "orgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
        "shortName": "openEuler"
      },
      "references": [
        {
          "url": "https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33640\u0026packageName=libtar"
        },
        {
          "name": "FEDORA-2022-88772d0a2d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4S4PJRCJLEAWN2EKXGLSOBTL7O57V7NC/"
        },
        {
          "name": "FEDORA-2022-ccc68b06cc",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WX5YE66CT7Y5C2HTHXSFDKQWYWYWJ2T/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7e1ac599-2767-43fa-b3ea-f10178cc98f2",
    "assignerShortName": "openEuler",
    "cveId": "CVE-2021-33640",
    "datePublished": "2022-12-19T00:00:00.000Z",
    "dateReserved": "2021-05-28T00:00:00.000Z",
    "dateUpdated": "2025-04-17T14:58:03.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-33480 (GCVE-0-2021-33480)

Vulnerability from cvelistv5 – Published: 2021-11-17 00:00 – Updated: 2024-08-03 23:50
VLAI
Summary
An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a gocr Affected: gocr 0.53-20200802
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:50:42.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/jocr/bugs/40/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://sourceforge.net/p/jocr/bugs/41/"
          },
          {
            "name": "GLSA-202401-28",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-28"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "gocr",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "gocr 0.53-20200802"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-24T05:06:46.403Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1962854"
        },
        {
          "url": "https://sourceforge.net/p/jocr/bugs/40/"
        },
        {
          "url": "https://sourceforge.net/p/jocr/bugs/41/"
        },
        {
          "name": "GLSA-202401-28",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-28"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-33480",
    "datePublished": "2021-11-17T00:00:00.000Z",
    "dateReserved": "2021-05-20T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:50:42.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32944 (GCVE-0-2021-32944)

Vulnerability from cvelistv5 – Published: 2021-06-17 12:50 – Updated: 2024-08-03 23:33
VLAI
Summary
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a Drawings SDK Affected: All versions prior to 2022.4
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drawings SDK",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 2022.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "USE AFTER FREE CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-08T14:06:24.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-32944",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Drawings SDK",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to 2022.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. This can result in a memory corruption or arbitrary code execution, allowing attackers to cause a denial-of-service condition or execute code in the context of the current process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE AFTER FREE CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-159-02"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-365397.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-987/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-990/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-155599.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-32944",
    "datePublished": "2021-06-17T12:50:37.000Z",
    "dateReserved": "2021-05-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:55.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32781 (GCVE-0-2021-32781)

Vulnerability from cvelistv5 – Published: 2021-08-24 20:50 – Updated: 2024-08-03 23:33
VLAI
Title
Continued processing of requests after locally generated response
Summary
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible.
CWE
Assigner
References
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.19.0, < 1.19.1
Affected: >= 1.18.0, < 1.18.4
Affected: >= 1.17.0, < 1.17.4
Affected: >= 1.16.0, < 1.16.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.19.0, \u003c 1.19.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.18.0, \u003c 1.18.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.17.0, \u003c 1.17.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.16.0, \u003c 1.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-24T20:50:10.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
        }
      ],
      "source": {
        "advisory": "GHSA-5vhv-gp9v-42qv",
        "discovery": "UNKNOWN"
      },
      "title": "Continued processing of requests after locally generated response",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32781",
          "STATE": "PUBLIC",
          "TITLE": "Continued processing of requests after locally generated response"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "envoy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 1.19.0, \u003c 1.19.1"
                          },
                          {
                            "version_value": "\u003e= 1.18.0, \u003c 1.18.4"
                          },
                          {
                            "version_value": "\u003e= 1.17.0, \u003c 1.17.4"
                          },
                          {
                            "version_value": "\u003e= 1.16.0, \u003c 1.16.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "envoyproxy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions after Envoy sends a locally generated response it must stop further processing of request or response data. However when local response is generated due the internal buffer overflow while request or response is processed by the filter chain the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer in the presence of extensions that modify and increase the size of request or response bodies resulting in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy\u0027s decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416: Use After Free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history",
              "refsource": "MISC",
              "url": "https://www.envoyproxy.io/docs/envoy/v1.19.0/version_history/version_history"
            },
            {
              "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv",
              "refsource": "CONFIRM",
              "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5vhv-gp9v-42qv"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-5vhv-gp9v-42qv",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32781",
    "datePublished": "2021-08-24T20:50:10.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:33:55.673Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-32613 (GCVE-0-2021-32613)

Vulnerability from cvelistv5 – Published: 2021-05-14 12:11 – Updated: 2024-08-03 23:25
VLAI
Summary
In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a radare2 Affected: radare2 versions before and including 5.3.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:25:30.599Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18679"
          },
          {
            "name": "FEDORA-2021-ca59eb65a9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
          },
          {
            "name": "FEDORA-2021-834f900f53",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18667"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/issues/18666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "radare2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "radare2 versions before and including 5.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-29T19:00:07.000Z",
        "orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
        "shortName": "fedora"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18679"
        },
        {
          "name": "FEDORA-2021-ca59eb65a9",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
        },
        {
          "name": "FEDORA-2021-834f900f53",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18667"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/issues/18666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "patrick@puiterwijk.org",
          "ID": "CVE-2021-32613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "radare2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "radare2 versions before and including 5.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In radare2 through 5.3.0 there is a double free vulnerability in the pyc parse via a crafted file which can lead to DoS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959939"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18679",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18679"
            },
            {
              "name": "FEDORA-2021-ca59eb65a9",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W3LPB5VGCIA7WA55FSB3YZQFUGZKWD7O/"
            },
            {
              "name": "FEDORA-2021-834f900f53",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3S7JB46PONPHXZHIMR2XDPLGJCN5ZIX/"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18667",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18667"
            },
            {
              "name": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/commit/a07dedb804a82bc01c07072861942dd80c6b6d62"
            },
            {
              "name": "https://github.com/radareorg/radare2/issues/18666",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/issues/18666"
            },
            {
              "name": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05",
              "refsource": "MISC",
              "url": "https://github.com/radareorg/radare2/commit/5e16e2d1c9fe245e4c17005d779fde91ec0b9c05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
    "assignerShortName": "fedora",
    "cveId": "CVE-2021-32613",
    "datePublished": "2021-05-14T12:11:40.000Z",
    "dateReserved": "2021-05-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T23:25:30.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Architecture and Design

Strategy: Language Selection

Choose a language that provides automatic memory management.

Mitigation
Implementation

Strategy: Attack Surface Reduction

When freeing pointers, be sure to set them to NULL once they are freed. However, the utilization of multiple or complex data structures may lower the usefulness of this strategy.

No CAPEC attack patterns related to this CWE.