CVE-2021-20204 — Vulnetix

CVE-2021-20204 PUBLISHED

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.

EPSS 2.34% · 85.2th percentile

Risk Scores

EPSS Score

2.34%

85.2th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	libgetdata	0.9.0-2, 0, 0.9.0-2.1
Ubuntu:24.04:LTS	libgetdata	0.11.0-11, 0.11.0-12build1, 0.11.0-12build3
Ubuntu:22.04:LTS	libgetdata	0.11.0-1, 0.11.0-2build1, 0.10.0-10
Ubuntu:25.10	libgetdata	0.11.0-15, 0
Ubuntu:20.04:LTS	libgetdata	0.10.0-6build3, 0.10.0-6build2, 0.10.0-6
Ubuntu:18.04:LTS	libgetdata	0.10.0-3build2, 0

Exploit Intelligence

https://bugzilla.redhat.com/show_bug.cgi?id=1956348 (circl)
[debian-lts-announce] 20210513 [SECURITY] [DLA 2660-1] libgetdata security update (circl)
FEDORA-2021-e2b64c614b (circl)
FEDORA-2021-3b8bb26909 (circl)
FEDORA-2021-197545a753 (circl)

Timeline

May 6, 2021 CVE Published
May 7, 2021 EPSS Score
Jul 10, 2021 EPSS Score
Nov 11, 2021 EPSS Score
Nov 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 12, 2022 EPSS Score
Mar 15, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 16, 2022 EPSS Score
Jul 18, 2022 EPSS Score
Nov 18, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2021-20204 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-20204 third-party-advisory

Open in Interactive Console →