Back to search
CVE-2021-20204
Published: May 6, 2021
Modified: Oct 17, 2024
PUBLISHED
Description
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
| Vendor | Product | Versions |
|---|---|---|
n/a | getdata | affected v0.10.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1956348
x_refsource_MISC
[debian-lts-announce] 20210513 [SECURITY] [DLA 2660-1] libgetdata security update
mailing-list
x_refsource_MLIST
FEDORA-2021-e2b64c614b
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-3b8bb26909
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-197545a753
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now