Vulnerabilities > CVE-2021-40391 - Improper Handling of Exceptional Conditions vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

NVD

Published: 2021-11-19

Updated: 2023-11-07

Summary

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Gerbv_Project Gerbv Project Gerbv 2.7.0	3
OS	Debian Debian Debian Linux 9.0	1
OS	Fedoraproject Fedoraproject Fedora 36	1

Common Weakness Enumeration (CWE)

CWE-755 - Improper Handling of Exceptional Conditions

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402
https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/