CVE-2021-3622

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the getchildren() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

References

Affected packages

Debian:11 / hivex

Package

Name: hivex
Purl: pkg:deb/debian/hivex?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.3.20-1

1.3.21-1

1.3.21-1.1

1.3.23-1

1.3.23-2

1.3.24-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / hivex

Package

Name: hivex
Purl: pkg:deb/debian/hivex?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / hivex

Package

Name: hivex
Purl: pkg:deb/debian/hivex?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.21-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/libguestfs/hivex

Affected ranges

Type: GIT
Repo: https://github.com/libguestfs/hivex
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

771728218dac2fbf6997a7e53225e75a4c6b7255

Affected versions

1.*

1.1.0

1.1.1

1.1.2

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.2.7

1.2.8

1.3.0

1.3.1

1.3.10

1.3.11

1.3.12

1.3.13

1.3.19

1.3.2

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.3.8

1.3.9

v1.*

v1.3.14

v1.3.15

v1.3.16

v1.3.17

v1.3.18

v1.3.19

v1.3.20