1) Heap-based buffer overflow

EUVDB-ID: #VU59952

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-45417

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in src/base64.h. A local user can use specially crafted file metadata, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

aide (Red Hat package): before 0.15.1-13.el7_9.1

---

CPE2.3

• cpe:2.3:o:red_hat:red_hat_enterprise_linux_for_power\,_little_endian:7:*:*:*:*:red_hat_enterprise_linux:*:*

External links

http://access.redhat.com/errata/RHSA-2022:0473

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?