Vulnerability Details CVE-2021-37232
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
- https://github.com/wez/atomicparsley/issues/32
- https://security.gentoo.org/glsa/202305-01
- https://github.com/wez/atomicparsley/commit/d72ccf06c98259d7261e0f3ac4fd8717778782c1
- https://github.com/wez/atomicparsley/issues/32
- https://security.gentoo.org/glsa/202305-01
Products affected by CVE-2021-37232
-
cpe:2.3:a:atomicparsley_project:atomicparsley:0.9.3
-
cpe:2.3:a:atomicparsley_project:atomicparsley:0.9.4
-
cpe:2.3:a:atomicparsley_project:atomicparsley:0.9.5
-
cpe:2.3:a:atomicparsley_project:atomicparsley:0.9.6
-
cpe:2.3:a:atomicparsley_project:atomicparsley:20200701.154658.b0d6223
-
cpe:2.3:a:atomicparsley_project:atomicparsley:20201231.092811.cbecfb1
-
cpe:2.3:a:atomicparsley_project:atomicparsley:20210114.184825.1dbe1be
-
cpe:2.3:a:atomicparsley_project:atomicparsley:20210124.204813.840499f