CVE-2021-40647

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-40647
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40647.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40647
Related
Published
2022-09-09T18:15:09Z
Modified
2024-09-18T03:16:10.067025Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.

References

Affected packages

Debian:11 / man2html

Package

Name
man2html
Purl
pkg:deb/debian/man2html?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6g-14
1.6g-15
1.6g-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / man2html

Package

Name
man2html
Purl
pkg:deb/debian/man2html?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6g-14
1.6g-15
1.6g-16

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / man2html

Package

Name
man2html
Purl
pkg:deb/debian/man2html?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.6g-16

Affected versions

1.*

1.6g-14
1.6g-15

Ecosystem specific

{
    "urgency": "not yet assigned"
}