CVE-2021-3504

Public on 2021-05-11
Modified on 2024-03-01
Description
A flaw was found in the hivex library. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.4
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core hivex 2021-06-16 ALAS2-2021-1658 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
NVD CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P
NVD CVSSv3 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L