QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3622

Published: Dec 23, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

Vendor	Product	Versions
n/a	hivex	affected `hivex-1.3.21`

Weaknesses (CWE)

References

FEDORA-2021-372d83d54e

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-775b170f95

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/show_bug.cgi?id=1975489

x_refsource_MISC

https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255

x_refsource_MISC

https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.