CVE-2021-3405
CVE-2021-3405
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
23 Feb 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml.
Affected products
n/a · libebmlWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/Matroska-Org/libebml/issues/74https://lists.debian.org/debian-lts-announce/2021/04/msg00016.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHIIMWZKHHELFF4NRDMOOCS3HKK3K4DF/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YY7R2JZRO5I6WS62KTJFTZGKYELVFTVB/https://security.gentoo.org/glsa/202208-21