CVE-2021-4327

A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability.

CVSS v3.0 9.8 CRITICAL

9.8^/10

CVSS v3.0 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://vuldb.com/?id.222074	Permissions Required Third Party Advisory
https://vuldb.com/?ctiid.222074	Permissions Required Third Party Advisory
https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html	Exploit Third Party Advisory
https://github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60	Patch

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:o:serenityos:serenityos:*:*:*:*:*:*:*:*

Information

Published : 2023-03-01 03:15

Updated : 2023-03-13 07:10

NVD link : CVE-2021-4327

Mitre link : CVE-2021-4327

JSON object : View

CWE

CWE-190

Integer Overflow or Wraparound

Advertisement

Products Affected

serenityos

serenityos

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://vuldb.com/?id.222074", "name": "https://vuldb.com/?id.222074", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.222074", "name": "https://vuldb.com/?ctiid.222074", "tags": ["Permissions Required", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html", "name": "https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60", "name": "https://github.com/SerenityOS/serenity/commit/f6c6047e49f1517778f5565681fb64750b14bf60", "tags": ["Patch"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-190"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-4327", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2023-03-01T11:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:serenityos:serenityos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2021-01-27"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-13T14:10Z"}