CVE-2021-40391 — Vulnetix

CVE-2021-40391 PUBLISHED CVSS 10 CRITICAL

An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

EPSS 0.47% · 65.1th percentile

Risk Scores

CVSS 3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.47%

65.1th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	36
n/a	Gerbv	*
debian	debian_linux	9.0
gerbv_project	gerbv	2.7.0, 2.7.0, 2.7.0

Exploit Intelligence

https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402 (nist-nvd)
[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update (circl)
FEDORA-2022-4a3ef86baa (circl)

Timeline

Nov 19, 2021 CVE Published
Nov 20, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 10, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Jul 9, 2022 EPSS Score
Aug 24, 2022 EPSS Score
Dec 12, 2022 EPSS Score
Feb 6, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402 url
[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update mailing-list
FEDORA-2022-4a3ef86baa vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-40391 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47 url

Open in Interactive Console →