In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.
References
Link | Resource |
---|---|
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2022-09-09 18:15
Updated : 2024-02-28 19:29
NVD link : CVE-2021-40648
Mitre link : CVE-2021-40648
CVE.ORG link : CVE-2021-40648
JSON object : View
Products Affected
man2html_project
- man2html
CWE
CWE-20
Improper Input Validation