PT-2021-7819 · AT&T · AT&T Labs Xmill
Carl Hurd
·
Published
2021-08-10
·
Updated
2024-08-03
·
CVE-2021-21828
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
AT&T Labs Xmill version 0.7
Description
A heap-based buffer overflow exists in the XML decompression DecodeTreeBlock functionality of AT&T Labs Xmill version 0.7. The overflow occurs when DecodeTreeBlock creates a label via CurPath::AddLabel to track that label for later reference: label data taken from the compressed input is written into a heap-allocated buffer without adequate bounds checking. An attacker can trigger the issue by supplying a crafted compressed file for decompression. The resulting heap corruption can potentially lead to execution of arbitrary code in the context of the user running the decompressor; because the trigger is a file, the attack is remote whenever Xmill is used to decompress input received from an untrusted source.

Recommendations
No fixed release is listed on this page. Until a patch is available, do not decompress files from untrusted sources with AT&T Labs Xmill version 0.7, and do not expose its XML decompression feature to network-supplied input (for example, in an automated pipeline that decompresses uploaded files). Where decompression of untrusted data cannot be avoided, run the decompressor under an unprivileged, isolated account or in a sandbox so that memory corruption in the process cannot be escalated. If you maintain a build from source, add a bounds check in the CurPath::AddLabel path used by DecodeTreeBlock so that the length of an incoming label is validated against the remaining capacity of the destination heap buffer before any bytes are copied.
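To make the bug class in the description concrete, the following is an added example written for this page in C; it is not Xmill's code and does not reproduce Xmill's CurPath or DecodeTreeBlock. It models a heap-allocated label buffer, shows the unchecked copy pattern that produces this kind of heap overflow beside a bounds-checked version, and decodes a constructed block format (assumed for the example only: a count byte followed by length-prefixed labels) while rejecting labels that would overflow the buffer or run past the end of the input. The names cur_path_t, add_label_unchecked, add_label_checked and decode_tree_block, and the block layout, are this example's own assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a "current path" label store: one heap buffer
 * holding the concatenated bytes of every label added so far.
 * This is an illustrative structure, not Xmill's CurPath. */
typedef struct {
    unsigned char *buf; /* heap-allocated label storage */
    size_t cap;         /* bytes allocated for buf */
    size_t len;         /* bytes currently in use; invariant: len <= cap */
} cur_path_t;

int path_init(cur_path_t *p, size_t cap) {
    p->buf = malloc(cap);
    if (p->buf == NULL) return -1;
    p->cap = cap;
    p->len = 0;
    return 0;
}

void path_free(cur_path_t *p) {
    free(p->buf);
    p->buf = NULL;
    p->cap = p->len = 0;
}

/* Vulnerable pattern: trusts the attacker-controlled label length and copies
 * into the heap buffer without checking the remaining capacity. When
 * len + n exceeds cap, memcpy writes past the end of the heap chunk.
 * Shown for contrast only; nothing in this example calls it. */
void add_label_unchecked(cur_path_t *p, const unsigned char *label, size_t n) {
    memcpy(p->buf + p->len, label, n); /* heap overflow if len + n > cap */
    p->len += n;
}

/* Hardened version: refuse a label that does not fit. The test is written
 * as cap - len (never negative under the invariant) rather than len + n,
 * so a huge n cannot wrap size_t and slip past the check. */
int add_label_checked(cur_path_t *p, const unsigned char *label, size_t n) {
    if (n > p->cap - p->len) return -1;
    memcpy(p->buf + p->len, label, n);
    p->len += n;
    return 0;
}

/* Decode one block in the assumed layout:
 *   [count][len][len bytes of label] ... repeated count times
 * Returns the number of labels appended, or -1 if a length byte is missing,
 * a label runs past the end of the input, or a label would overflow the
 * path buffer. Labels appended before a failure are kept. */
int decode_tree_block(cur_path_t *p, const unsigned char *in, size_t in_len) {
    if (in_len < 1) return -1;
    size_t pos = 0;
    unsigned count = in[pos++];
    for (unsigned i = 0; i < count; i++) {
        if (pos >= in_len) return -1;     /* length byte missing */
        size_t n = in[pos++];
        if (n > in_len - pos) return -1;  /* label longer than remaining input */
        if (add_label_checked(p, in + pos, n) != 0) return -1;
        pos += n;
    }
    return (int)count;
}

int main(void) {
    /* Constructed inputs for the demonstration, not taken from any real file. */
    const unsigned char benign[] = {2, 3, 'a', 'b', 'c', 4, 'd', 'e', 'f', 'g'};
    const unsigned char oversized[] = {1, 12, 'A', 'A', 'A', 'A', 'A', 'A',
                                       'A', 'A', 'A', 'A', 'A', 'A'};
    const unsigned char truncated[] = {1, 5, 'x', 'y'};
    cur_path_t p;
    if (path_init(&p, 16) != 0) return 1;
    printf("benign:    %d labels, len=%zu\n", decode_tree_block(&p, benign, sizeof benign), p.len);
    printf("oversized: %d (rejected), len=%zu\n", decode_tree_block(&p, oversized, sizeof oversized), p.len);
    printf("truncated: %d (rejected), len=%zu\n", decode_tree_block(&p, truncated, sizeof truncated), p.len);
    path_free(&p);
    return 0;
}
```

The oversized block is the interesting case: its 12-byte label passes the input-length check, so only the capacity check in add_label_checked stands between it and a 3-byte write past a 16-byte heap chunk. With add_label_unchecked in its place, that write would land in adjacent heap metadata or neighbouring allocations, which is the corruption the advisory describes.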
Buffer Overflow
Memory Corruption
Related Identifiers
Affected Products
AT&T Labs Xmill