Vulnerability DatabaseCVE-2021-34338

CVE-2021-34338:
Linux Ubuntu vulnerability analysis and mitigation

Overview

Ming 0.4.8 contains an out-of-bounds buffer overwrite vulnerability in the getName() function within the decompiler.c file. The vulnerability was discovered in August 2020 and was assigned CVE-2021-34338. This security flaw affects the Ming library, specifically version 0.4.8, and impacts systems where this software is deployed (AttackerKB, RedHat Bugzilla).

Technical details

The vulnerability is characterized by an out-of-bounds buffer overwrite issue in the getName() function located in util/decompile.c at line 457. When triggered, it results in a direct segmentation fault. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium), with an Impact Score of 3.6 and Exploitability Score of 2.8. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction (AttackerKB).

Impact

The primary impact of this vulnerability is a denial of service condition through segmentation fault when the affected function is triggered. The CVSS metrics indicate no impact on confidentiality or integrity, but a high impact on availability (AttackerKB).

Mitigation and workarounds

The issue has been reported to the upstream project through their GitHub repository. Users are advised to monitor for updates from their respective distribution vendors (GitHub Issue).

Additional resources

Source: This report was generated using AI

Related Linux Ubuntu vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21441	HIGH	8.9	Python	rhel8::nginx-124	No	Yes	Jan 07, 2026
CVE-2025-13151	HIGH	7.5	Linux Debian	libtasn1-6	No	Yes	Jan 07, 2026
CVE-2025-68766	HIGH	7.1	Linux Debian	linux-azure-fde	No	Yes	Jan 05, 2026
CVE-2025-68765	MEDIUM	5.5	Linux Debian	linux-azure-fde-6.8	No	Yes	Jan 05, 2026
CVE-2025-68764	MEDIUM	5.5	Linux Kernel	linux-oracle-6.8	No	Yes	Jan 05, 2026