Lucene search

K

[email protected]NVD:CVE-2021-20298

HistoryAug 23, 2022 - 4:15 p.m.

CVE-2021-20298

2022-08-2316:15:09

CWE-787

CWE-400

[email protected]

web.nvd.nist.gov

3

openexr

b44compressor

memory exhaustion

vulnerability

system availability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.9%

A flaw was found in OpenEXR’s B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.

Affected configurations

Nvd

Node

openexropenexrRange≤2.5.7

Node

debiandebian_linuxMatch10.0

References

access.redhat.com/security/cve/CVE-2021-20298

bugs.chromium.org/p/oss-fuzz/issues/detail?id=25913

bugzilla.redhat.com/show_bug.cgi?id=1939156

github.com/AcademySoftwareFoundation/openexr/commit/85fd638ae0d5fa132434f4cbf32590261c1dba97

github.com/AcademySoftwareFoundation/openexr/pull/843

lists.debian.org/debian-lts-announce/2022/12/msg00022.html

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.9%

Related for NVD:CVE-2021-20298

ubuntucve1 cve1 debiancve1 redhatcve1 cvelist1 prion1 osv2 openvas9 nessus13 amazon1 suse2 debian1