VDB

CVE-2021-40647

CVE-2021-40647 PUBLISHED

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.

EPSS 0.03% · 10.2th percentile

Risk Scores

EPSS Score
0.03%
10.2th percentile

Affected Products

VendorProductVersions
n/an/an/a
man2html_projectman2html*

Timeline

  • Sep 9, 2022 CVE Published
  • Sep 10, 2022 EPSS Score
  • Oct 25, 2022 EPSS Score
  • Dec 9, 2022 EPSS Score
  • Jan 23, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 9, 2023 EPSS Score
  • Apr 24, 2023 EPSS Score
  • Jun 8, 2023 EPSS Score
  • Jul 23, 2023 EPSS Score
  • Sep 6, 2023 EPSS Score
  • Oct 21, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›