CVE-2021-29221

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-29221

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29221.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29221

Published

2021-04-09T14:15:12.910Z

Modified

2026-04-10T04:31:56.255312Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with "erlsrv.exe" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions.

References

Affected packages

Git / github.com/erlang/otp

Affected ranges

Type

GIT

Repo

https://github.com/erlang/otp

Events

Introduced

Fixed

050a78f8a67ed76a632f0e73b76ceb83e7054e5f

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "23.2.3"
        }
    ]
}

Affected versions

OTP-17.*

OTP-17.0

OTP-18.*

OTP-18.0

OTP-18.0-rc1

OTP-19.*

OTP-19.0

OTP-19.0-rc1

OTP-19.0-rc2

OTP-20.*

OTP-20.0

OTP-20.0-rc1

OTP-20.0-rc2

OTP-21.*

OTP-21.0

OTP-21.0-rc1

OTP-21.0-rc2

OTP-22.*

OTP-22.0

OTP-22.0-rc1

OTP-22.0-rc2

OTP-22.0-rc3

OTP-23.*

OTP-23.0

OTP-23.0-rc1

OTP-23.0-rc2

OTP-23.0-rc3

OTP-23.1

OTP-23.2

OTP-23.2.1

OTP-23.2.2

OTP_17.*

OTP_17.0-rc1

OTP_17.0-rc2

Other

OTP_R13B03

OTP_R13B04

OTP_R14A

OTP_R14B

OTP_R14B01

OTP_R14B02

OTP_R14B03

OTP_R15A

OTP_R15B

OTP_R16A_RELEASE_CANDIDATE

OTP_R16B

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29221.json"