CVE-2021-38479

October 27, 2021

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.

Summary:

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer.

Reference Links(if available):

  • https://us-cert.cisa.gov/ics/advisories/icsa-21-292-01

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    359d364d607d2a420604f5ed0d65e1eceac077deb54d8fe37e6f5c66e52542af

    Espionage – A Linux Packet Sniffing Suite For Automated MiTM Attacks

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Eight Industrial Control Systems Advisories

    April 25, 2024
    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024