CVE-2021-21815

Name of the Vulnerable Software and Affected Versions Xmill version 0.7

Description The issue is related to a stack-based buffer overflow in the HandleFileArg functionality of Xmill, which occurs due to insufficient length checks when copying user-provided input into a statically sized buffer using the strcpy function. This can be triggered by an attacker providing malicious input, potentially allowing them to execute arbitrary code. The filepattern argument, which is under user control, is passed directly to strcpy, leading to a stack-buffer overflow.

Recommendations For Xmill version 0.7, as a temporary workaround, consider restricting the use of the HandleFileArg functionality until a patch is available. Avoid using the filepattern argument in a way that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.