CVE-2021-32419

An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmtmtmload_song function in fmt/mtm.c.

References

Affected packages

Git / github.com/schismtracker/schismtracker

Affected ranges

Type

GIT

Repo

https://github.com/schismtracker/schismtracker

Events

Introduced

Fixed

c3f4125949004fe34e4eefa9242d49d65dd568f8

Fixed

1e2cc389a2a058fd13d99460c11115a6f7f7a6a4

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "20200412"
        }
    ]
}

Affected versions

Other

20160521

20160913

20170420

20170910

20180209

20180513

20180810

20181223

20190614

20190722

20190805

deploy-test-1

deploy-test-2

deploy-test-3

deploy-test-4

hg-import

macosx-deploy-test

issue-175.*

issue-175.0

issue-175.1

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-32419-040f51e3",
        "target": {
            "file": "schism/widget.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "41534818966501086304164836470508758450",
                "222377102072624111295474298271582241982",
                "265112813509916268140834760463751215755",
                "111971547383475602431267073673428322580",
                "169734701491302771824216204812752821088",
                "237964820457242366710920609822545141580",
                "292971023616381296089066259351605749738",
                "246032086413278929124296689280197642451",
                "65550076816628675396352422538928243173"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/schismtracker/schismtracker/commit/c3f4125949004fe34e4eefa9242d49d65dd568f8"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-32419-8e887c97",
        "target": {
            "file": "fmt/mtm.c",
            "function": "fmt_mtm_load_song"
        },
        "digest": {
            "length": 4419.0,
            "function_hash": "298656856945043239684938761828957924267"
        },
        "signature_version": "v1",
        "source": "https://github.com/schismtracker/schismtracker/commit/1e2cc389a2a058fd13d99460c11115a6f7f7a6a4"
    },
    {
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2021-32419-9152cd22",
        "target": {
            "file": "fmt/mtm.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "250874450995467078051754149728279483426",
                "322199718857949293499747172018328694299",
                "238188734071090339494334220432428072555",
                "83716173005277346416975585041255476716"
            ]
        },
        "signature_version": "v1",
        "source": "https://github.com/schismtracker/schismtracker/commit/1e2cc389a2a058fd13d99460c11115a6f7f7a6a4"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2021-32419-9e235c16",
        "target": {
            "file": "schism/widget.c",
            "function": "togglebutton_set"
        },
        "digest": {
            "length": 501.0,
            "function_hash": "266794352674715488648338525011267718230"
        },
        "signature_version": "v1",
        "source": "https://github.com/schismtracker/schismtracker/commit/c3f4125949004fe34e4eefa9242d49d65dd568f8"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32419.json"