SUSE update for hivex

1) Out-of-bounds read

EUVDB-ID: #VU54109

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3504

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition within the hivex_open() function when processing a Windows Registry (hive) file. A remote attacker can create a specially crafted Windows Registry (hive) file, trick the victim into opening it, trigger out-of-bounds read error and crash the application that us using the affected library.

Mitigation

Update the affected package hivex to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Software Development Kit: 12-SP5

SUSE Linux Enterprise Server: 12-SP5

perl-Win-Hivex-debuginfo: before 1.3.10-5.3.1

perl-Win-Hivex: before 1.3.10-5.3.1

libhivex0-debuginfo: before 1.3.10-5.3.1

libhivex0: before 1.3.10-5.3.1

hivex-devel: before 1.3.10-5.3.1

hivex-debugsource: before 1.3.10-5.3.1

hivex-debuginfo: before 1.3.10-5.3.1

External links

http://www.suse.com/support/update/announcement/2021/suse-su-20211760-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.