Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-3522

Published: 02/06/2021 Updated: 28/09/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Gstreamer Project

Vulnerability Summary

GStreamer prior to 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gstreamer project gstreamer

netapp snapmanager -

netapp oncommand workflow automation -

netapp oncommand insight -

netapp e-series santricity storage manager -

netapp solidfire -

netapp hci management node -

netapp active iq unified manager -

netapp santricity unified manager -

netapp e-series santricity web services -

netapp e-series santricity os controller

oracle openjdk 8

Vendor Advisories

Amazon Linux 2: ALAS-2024-2407
A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible The highest threat from this vulnerability is to system availability (CVE-2021-3522) ...
Amazon Linux 2: ALAS2-2021-1718
There is a flaw in the xml entity encoding functionality of libxml2 An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read The most likely impact of this flaw is to application availability, with some potential impact to confidentiali ...
Amazon Linux 2: ALAS2-2023-2000
A flaw was found in gstreamer-plugins-base where an out-of-bounds read when handling certain ID3v2 tags is possible The highest threat from this vulnerability is to system availability (CVE-2021-3522) ...
Arch Linux Issues:
Vulnerability in Java SE version 8u301 Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Java SE as well as unauthorized update ...

References

CWE-125https://bugzilla.redhat.com/show_bug.cgi?id=1954761https://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://security.netapp.com/advisory/ntap-20211022-0004/https://security.gentoo.org/glsa/202208-31https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2407.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook