CVE-2021-40648 — MEDIUM (5.5)

Vulnerability Description

In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Man2Html Project	Man2Html	1.6g

Related Weaknesses (CWE)

CWE-20

References

https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933ExploitThird Party Advisory
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933ExploitThird Party Advisory

FAQ

What is CVE-2021-40648?

CVE-2021-40648 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later...

How severe is CVE-2021-40648?

CVE-2021-40648 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-40648?

Check the references section above for vendor advisories and patch information. Affected products include: Man2Html Project Man2Html.