A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the getchildren() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.
{ "vanir_signatures": [ { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255", "id": "CVE-2021-3622-066ab8c3", "digest": { "function_hash": "138394577735161663126852814952112072419", "length": 2324.0 }, "target": { "function": "_get_children", "file": "lib/node.c" } }, { "signature_type": "Line", "deprecated": false, "signature_version": "v1", "source": "https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255", "id": "CVE-2021-3622-5c7db85f", "digest": { "line_hashes": [ "74309310395030575337290169571303175705", "233451100487387596963065481564458646252", "87209965537219425312944453589324538996", "75759970310467413331686537479272587427", "325938084959474812814722037016182574393", "55030333524285549612708431989715222969", "189692135388723762671179049222014938680", "268347765392776722820548116078944858468", "68860408180380056120812084260736257586", "101506122728373862828355737642028729389", "261104001740472006705787271478211920945", "102517267821207842162073957347805317418", "277520334333955264787363960026410344983", "131722666974530336955358580486147791888", "154045439088021880170804602014951719044", "183394433316313172637662585870132332815" ], "threshold": 0.9 }, "target": { "file": "lib/node.c" } }, { "signature_type": "Function", "deprecated": false, "signature_version": "v1", "source": "https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255", "id": "CVE-2021-3622-c3d94877", "digest": { "function_hash": "171072671982664405333538485700709584878", "length": 1790.0 }, "target": { "function": "_hivex_get_children", "file": "lib/node.c" } } ] }