Vulnerability Description
perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Perm | 0.4.0 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993019 (Exploit, Vendor Advisory)
- https://lists.debian.org/debian-med/2021/08/msg00016.html (Mailing List, Vendor Advisory)
- https://packages.qa.debian.org/p/perm.html (Issue Tracking, Patch, Vendor Advisory)
- https://salsa.debian.org/med-team/perm/-/commits/master/ (Patch, Vendor Advisory)
- https://tracker.debian.org/pkg/perm (Issue Tracking, Patch, Vendor Advisory)
FAQ
What is CVE-2021-38172?
CVE-2021-38172 is a vulnerability with a CVSS score of 9.8 (CRITICAL). perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)
How severe is CVE-2021-38172?
CVE-2021-38172 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-38172?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Perm.