PT-2021-3908 · Hivex+7

Jeremy Galindo · Published 2021-08-18 · Updated 2024-06-15 · CVE-2021-3622

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

hivex (affected versions not specified)

Description

A flaw in the hivex library allows an attacker to supply a specially crafted Windows Registry (hive) file. This causes hivex to recursively call the `_get_children()` function, leading to a stack overflow. The highest threat from this issue is to system availability. It is also related to a buffer overflow in memory, which can be exploited to cause a denial of service.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALSA-2022:1759
ALT-PU-2021-2562
ALT-PU-2021-3447
AZL-7096
BDU:2021-04419
CESA-2021_3338
CESA-2022_1759
CVE-2021-3622
MGASA-2021-0528
OESA-2021-1361
OPENSUSE-SU-2021:1319-1
OPENSUSE-SU-2021:3201-1
OPENSUSE-SU-2021_1319-1
OPENSUSE-SU-2021_3201-1
OPENSUSE-SU-2024:10845-1
RHSA-2021:3338
RHSA-2021_3338
RHSA-2022:1759
RHSA-2022_1759
RLSA-2022:1759
ROSA-SA-2023-2310
SUSE-SU-2021:3201-1
SUSE-SU-2021:3201-2
SUSE-SU-2021:3210-1
SUSE-SU-2021_3201-1
SUSE-SU-2021_3210-1

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Red Hat
Rocky Linux
SUSE
Hivex