CVE-2021-40647

{"id": "CVE-2021-40647", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-09-09T18:15:09.197", "references": [{"url": "https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory."}, {"lang": "es", "value": "En man2html versi\u00f3n 1.6g, una cadena espec\u00edfica que es le\u00edda desde un archivo sobrescribir\u00e1 el par\u00e1metro de tama\u00f1o en el chunk superior del mont\u00f3n. Esto al menos causa que el programa aborte la segmentaci\u00f3n si el par\u00e1metro de tama\u00f1o de la pila no est\u00e1 alineado correctamente. En versiones anteriores a 2.29 de GLIBC y alineado correctamente, permite una escritura arbitraria en cualquier parte de la memoria del programa"}], "lastModified": "2023-08-08T14:22:24.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:man2html_project:man2html:1.6g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "843C1C93-461D-413C-B54F-2642C98DD0F7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}