CVE-2021-40647 — MEDIUM (5.5)

Vulnerability Description

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Man2Html Project	Man2Html	1.6g

Related Weaknesses (CWE)

CWE-787

References

https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933ExploitThird Party Advisory
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933ExploitThird Party Advisory

FAQ

What is CVE-2021-40647?

CVE-2021-40647 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size pa...

How severe is CVE-2021-40647?

CVE-2021-40647 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40647?

Check the references section above for vendor advisories and patch information. Affected products include: Man2Html Project Man2Html.