CVE-2021-42917

Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.

References

Affected packages

Git / github.com/fuzzard/xbmc

Affected ranges

Type: GIT
Repo: https://github.com/fuzzard/xbmc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

80c8138c09598e88b4ddb6dbb279fa193bbb3237

Affected versions

14.*

14.0a2-Helix

14.0a3-Helix

14.0a4-Helix

14.0b1-Helix

14.0b2-Helix

14.0b3-Helix

14.0b4-Helix

14.0b5-Helix

14.0rc1-Helix

14.0rc2-Helix

14.0rc3-Helix

15.*

15.0a1-Isengard

15.0a2-Isengard

15.0b1-Isengard

15.0b2-Isengard

15.0rc1-Isengard

16.*

16.0a1-Jarvis

16.0a2-Jarvis

16.0a3-Jarvis

16.0a4-Jarvis

16.0b1-Jarvis

16.0b2-Jarvis

17.*

17.0a1-Krypton

17.0a2-Krypton

17.0a3-Krypton

17.0b1-Krypton

17.0b2-Krypton

17.0b3-Krypton

17.0b4-Krypton

17.0b5-Krypton

17.0b6-Krypton

Other

Frodo_alpha1

Frodo_alpha2

Frodo_alpha3

Frodo_alpha4

Frodo_alpha5

Frodo_alpha6

Frodo_alpha7

Frodo_beta1

Frodo_beta2

Frodo_beta3

Frodo_rc1

Frodo_rc2

Frodo_rc3

Gotham_alpha1

Gotham_alpha10

Gotham_alpha11

Gotham_alpha2

Gotham_alpha3

Gotham_alpha4

Gotham_alpha5

Gotham_alpha6

Gotham_alpha7

Gotham_alpha8

Gotham_alpha9

legacy_drop_vs

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-42917.json"

vanir_signatures

[
    {
        "source": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "152448986931517141631931618082030122476",
                "173064288670576767280976837742951420035",
                "15205614205871181415836855196701805972",
                "336055780239469795852335282898795588148",
                "203921010307016786020586253181146907182",
                "39429620224066715997403372314622650447",
                "268399885667487201733117008760641765433",
                "196628942495930255134811054411820298455",
                "163584444075878666636260034844832758028"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2021-42917-413cd711",
        "signature_type": "Line",
        "target": {
            "file": "xbmc/playlists/PlayListPLS.cpp"
        }
    },
    {
        "source": "https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "239015864931717022205884530245420625809",
            "length": 2008.0
        },
        "id": "CVE-2021-42917-8e438c3b",
        "signature_type": "Function",
        "target": {
            "file": "xbmc/playlists/PlayListPLS.cpp",
            "function": "CPlayListASX::LoadData"
        }
    }
]

Git / github.com/xbmc/xbmc

Affected ranges

Type: GIT
Repo: https://github.com/xbmc/xbmc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

48730b64494798705d46dfccc4029bd36d072df3

Affected versions

14.*

14.0a2-Helix

14.0a3-Helix

14.0a4-Helix

14.0b1-Helix

14.0b2-Helix

14.0b3-Helix

14.0b4-Helix

14.0b5-Helix

14.0rc1-Helix

14.0rc2-Helix

14.0rc3-Helix

15.*

15.0a1-Isengard

15.0a2-Isengard

15.0b1-Isengard

15.0b2-Isengard

15.0rc1-Isengard

16.*

16.0a1-Jarvis

16.0a2-Jarvis

16.0a3-Jarvis

16.0a4-Jarvis

16.0b1-Jarvis

16.0b2-Jarvis

17.*

17.0a1-Krypton

17.0a2-Krypton

17.0a3-Krypton

17.0b1-Krypton

17.0b2-Krypton

17.0b3-Krypton

17.0b4-Krypton

17.0b5-Krypton

17.0b6-Krypton

18.*

18.0-Leia

18.0a1-Leia

18.0a2-Leia

18.0a3-Leia

18.0b1-Leia

18.0b1v2-Leia

18.0b2-Leia

18.0b3-Leia

18.0b4-Leia

18.0b5-Leia

18.0rc1-Leia

18.0rc2-Leia

18.0rc3-Leia

18.0rc4-Leia

18.0rc5-Leia

18.0rc5.2-Leia

18.1-Leia

18.1rc1-Leia

18.2rc1-Leia

19.*

19.0-Matrix

19.0RC1-Matrix

19.0a1-Matrix

19.0a2-Matrix

19.0a3-Matrix

19.0b1-Matrix

19.0b1Android-Matrix

19.0b2-Matrix