CVE-2021-40647

EUVD-2021-27821
In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it allows arbitrary write anywhere in the programs memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
man2html_projectman2html
1.6g:g
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
man2html
bookworm
no-dsa
bullseye
no-dsa
buster
no-dsa
sid
1.6g-16
fixed
trixie
1.6g-16
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
man2html
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933