PT-2021-24317 · Mdb Tools · Mdb Tools
Published: 2021-12-31 · Updated: 2022-12-09 · CVE-2021-45927
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
MDB Tools (aka mdbtools) version 0.9.2
Description:
The issue is a stack-based buffer overflow in the mdb_numeric_to_string function, which is called from mdb_xfer_bound_data and _mdb_attempt_bind. This overflow occurs at the memory address 0x7ffd6e029ee0.
Recommendations:
For MDB Tools (aka mdbtools) version 0.9.2, consider disabling the mdb_numeric_to_string function as a temporary workaround until a patch is available. Restrict access to the functions mdb_xfer_bound_data and _mdb_attempt_bind to minimize the risk of exploitation.
Exploit
Fix
Memory Corruption
Affected Products
Mdb Tools