Vulnerability CVE-2021-3622: Information

Description

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Published: Dec. 24, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-400

Fixed packages

Package name  Branch    Fixed in version  Version from repository  Errata ID           Task #  State
hivex         sisyphus  1.3.21-alt1       1.3.23-alt3              ALT-PU-2021-2562-1  283250  Fixed
hivex         p10       1.3.21-alt2       1.3.21-alt2              ALT-PU-2021-3447-1  289137  Fixed
hivex         c10f1     1.3.21-alt2       1.3.21-alt2              ALT-PU-2021-3447-1  289137  Fixed

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:redhat:hivex:*:*:*:*:*:*:*:*
      End excluding
      1.3.21

      Configuration 2

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*

      cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*