CVE-2021-21813 - Out-of-bounds Write vulnerability in ATT Xmill 0.7

047910
CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: local, low complexity, att, CWE-787

Summary

Within the function HandleFileArg, the argument filepattern is under the control of the user, who passes it in from the command line. filepattern is passed directly to memcpy, which copies the user-supplied path into a statically sized buffer without any length check, resulting in a stack buffer overflow.
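The missing check described above, as an added example (not Xmill's code): a bounded copy that rejects an oversized filepattern instead of writing past the buffer. The buffer size, the helper name copy_pattern_checked and the status codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed size for illustration; the page does not state the real one. */
#define PATTERN_BUF_SIZE 256

/* Pattern the summary describes (comment only, not compiled):
 *     char buf[PATTERN_BUF_SIZE];
 *     memcpy(buf, filepattern, strlen(filepattern) + 1);   // no length check
 * The copy length comes from the argument, never from the destination.
 */

enum copy_status { COPY_OK = 0, COPY_BAD_ARG = -1, COPY_TOO_LONG = -2 };

/* Hypothetical hardened helper: copies the pattern only if it fits in
 * dst including the terminating NUL; otherwise dst becomes "". */
static int copy_pattern_checked(char *dst, size_t dst_size,
                                const char *filepattern)
{
    size_t len = 0;

    if (dst == NULL || dst_size == 0 || filepattern == NULL)
        return COPY_BAD_ARG;

    /* Bounded scan: never look further than the destination can hold. */
    while (len < dst_size && filepattern[len] != '\0')
        len++;

    if (len == dst_size) {      /* no room left for the NUL terminator */
        dst[0] = '\0';
        return COPY_TOO_LONG;   /* reject; truncation could name another file */
    }
    memcpy(dst, filepattern, len + 1);
    return COPY_OK;
}

int main(int argc, char **argv)
{
    char pattern[PATTERN_BUF_SIZE];

    if (argc < 2 || copy_pattern_checked(pattern, sizeof pattern, argv[1]) != COPY_OK) {
        fprintf(stderr, "file pattern missing or longer than %d bytes\n",
                PATTERN_BUF_SIZE - 1);
        return 1;
    }
    printf("accepted pattern: %s\n", pattern);
    return 0;
}
```

Rejecting the argument rather than truncating it is deliberate: a silently shortened path can resolve to a different file than the one the user named.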

Vulnerable Configurations

Part          Description   Count
Application   Att           1

Common Weakness Enumeration (CWE)