In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.
References
Link | Resource |
---|---|
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 | Exploit Third Party Advisory |
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 06:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 - Exploit, Third Party Advisory |
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 |
Information
Published : 2022-09-09 18:15
Updated : 2024-11-21 06:24
NVD link : CVE-2021-40647
Mitre link : CVE-2021-40647
CVE.ORG link : CVE-2021-40647
JSON object : View
Products Affected
man2html_project
- man2html
CWE
CWE-787
Out-of-bounds Write