CVSSv3: 7.5

CVE-2021-29482

Published: 28/04/2021 Updated: 14/05/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

xz is a compression and decompression library for the xz format, written entirely in Go. The function readUvarint, used to read the xz container format, may fail to terminate its loop when given malicious input. The problem has been fixed in release v0.5.8. As a workaround, users can limit the size of the compressed file input to a size reasonable for their use case. The Go standard library recently had the same issue, for which CVE-2020-16845 was allocated.
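As an added illustration (not code from the ulikunitz/xz project or its v0.5.8 fix), the bounded-loop pattern that resolves this class of bug: a varint reader that stops after the 10 bytes a uint64 can occupy and reports an error, so a run of continuation bytes cannot keep it looping. The function name, the error value and the 10-byte bound are assumptions of this example, not the library's API.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
)

// A base-128 varint of a uint64 needs at most 10 bytes (10 * 7 >= 64).
// Using this as a hard loop bound is the mitigation assumed in this example.
const maxUvarintLen = 10

// ErrOverflow reports an over-long or out-of-range varint in the input.
var ErrOverflow = errors.New("xz varint: over-long or exceeds 64 bits")

// readUvarint decodes the little-endian base-128 integers the xz container
// uses for sizes. It reads at most maxUvarintLen bytes, so a stream of
// continuation bytes (0x80 0x80 ...) yields ErrOverflow instead of never
// returning. It returns the value, the number of bytes consumed, and an error.
func readUvarint(r io.ByteReader) (uint64, int, error) {
	var x uint64
	var s uint
	for i := 0; i < maxUvarintLen; i++ {
		b, err := r.ReadByte()
		if err != nil {
			return 0, i, err // truncated input: io.EOF or a read failure
		}
		if b < 0x80 {
			// Final byte. In a 10-byte encoding only one bit of it fits into
			// the uint64 (bit 63), so anything above 1 would be silently lost.
			if i == maxUvarintLen-1 && b > 1 {
				return 0, i + 1, ErrOverflow
			}
			return x | uint64(b)<<s, i + 1, nil
		}
		x |= uint64(b&0x7f) << s
		s += 7
	}
	return 0, maxUvarintLen, ErrOverflow // 10 continuation bytes: never terminated
}

func main() {
	// Constructed inputs: a valid 3-byte varint and a malicious run of 0x80 bytes.
	for _, in := range [][]byte{{0xE5, 0x8E, 0x26}, bytes.Repeat([]byte{0x80}, 64)} {
		v, n, err := readUvarint(bytes.NewReader(in))
		fmt.Printf("value=%d bytes=%d err=%v\n", v, n, err)
	}
}
```

The page's workaround, capping the compressed input size, is independent of this and can be applied by placing an io.LimitReader in front of the decoder.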

Vendor Advisories

Debian Bug report logs - #988243 golang-github-ulikunitz-xz: CVE-2021-29482 Package: src:golang-github-ulikunitz-xz; Maintainer for src:golang-github-ulikunitz-xz is Debian Go Packaging Team <team+pkg-go@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 8 May 2021 14:18:01 UTC Sev ...
Synopsis Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update Type/Severity Security Advisory: Moderate Topic OpenShift API for Data Protection (OADP) 1.0.1 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base s ...
Synopsis Moderate: Release of containers for OSP 16.2z director operator tech preview Type/Severity Security Advisory: Moderate Topic Red Hat OpenStack Platform 16.2 (Train) director Operator containers are available for technology preview Description Release osp-director-operator images. Security Fix(es): golang: kubernetes: YAML parsing v ...
Synopsis Important: Red Hat OpenShift Service Mesh 2.0.9 security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic Red Hat OpenShift Service Mesh 2.0.9. Red Hat Product Security has rated this update as having a secu ...