#VU54109 Out-of-bounds read in hivex - CVE-2021-3504


Vulnerability identifier: #VU54109

Vulnerability risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-3504

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
hivex
Other software / Other software solutions

Vendor: libguestfs

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the hivex_open() function when processing a Windows Registry (hive) file. A remote attacker can create a specially crafted Windows Registry (hive) file, trick the victim into opening it, trigger out-of-bounds read error and crash the application that us using the affected library.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

hivex: 1.1.0 - 1.3.19

External links
https://bugzilla.redhat.com/show_bug.cgi?id=1949687
https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for hivex
Red Hat Enterprise Linux 7 update for hivex
CentOS 7 update for hivex
Denial of service in hivex library
openEuler 20.03 LTS SP1 update for hivex
SUSE update for hivex
SUSE update for hivex
Arch Linux update for hivex
Debian update for hivex
Fedora 33 update for hivex