Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Mageia 8: MGASA-2022-0316 Moderate: ytnef Denial Of Service Exploit

mageia
Calendar Grey September 2, 2022
Dist Mageia Esm H88
Mageia security patch MGASA-2022-0316 for ytnef resolves critical issues related to remote code execution and service disruption vulnerabilities.
In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can ...

Summary

In ytnef 1.9.3, the TNEFSubjectHandler function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a double free which can be triggered via a crafted file. (CVE-2021-3403) In ytnef 1.9.3, the SwapWord function in lib/ytnef.c allows remote attackers to cause a denial-of-service (and potentially code execution) due to a heap buffer overflow which can be triggered via a crafted file. (CVE-2021-3404)

References

- https://bugs.mageia.org/show_bug.cgi?id=30735

- https://github.com/Yeraze/ytnef/releases

- https://www.cve.org/CVERecord?id=CVE-2021-3403

- https://www.cve.org/CVERecord?id=CVE-2021-3404

Resolution

SRPMS

- 8/core/ytnef-2.0-1.mga8

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 02 Sep 2022
URL: https://advisories.mageia.org/MGASA-2022-0316.html
Type: security
CVE: CVE-2021-3403, CVE-2021-3404

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.