Home > Vulnerability Database > CVE-2021-3504

Mend.io Vulnerability Database

CVE-2021-3504

Good to know:

Date: May 11, 2021

A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to crash. The highest threat from this vulnerability is to system availability.

Language: C

Severity Score

5.4

Related Resources (13)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-3504

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/

Url: https://security-tracker.debian.org/tracker/CVE-2021-3504

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2021-3504

Url: https://lists.debian.org/debian-lts-announce/2021/05/msg00011.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=1949687

Url: https://github.com/libguestfs/hivex/commit/8f1935733b10d974a1a4176d38dd151ed98cf381

Url: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQXTEACRWYAZVNEOIWIYUFGG4GOXSQ22/

Url: https://access.redhat.com/security/cve/CVE-2021-3504

Url: https://security.alpinelinux.org/vuln/CVE-2021-3504

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5BNKNVYFL36P2GBEB5O36LHFRYU575H/

Url: https://www.mend.io/vulnerability-database/CVE-2021-3504

Severity Score

5.4

Weakness Type (CWE)

Out-of-bounds Read

CWE-125

Top Fix

Upgrade Version

Upgrade to version v1.3.20

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-3504

Good to know:

Date: May 11, 2021

Language: C

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?