Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-36977
CVE-2021-36977:
NixOS vulnerability analysis and mitigation
Overview
CVE-2021-36977 affects matio (MAT File I/O Library) versions 1.5.20 and 1.5.21. The vulnerability is a heap-based buffer overflow in the H5MMmemcpy function, which is called from H5MMmalloc and H5Cloadentry functions. This issue is specifically related to the use of HDF5 1.12.0 library dependency (NVD, OSS-Fuzz).
Technical details
The vulnerability is classified with a CVSS v3.1 Base Score of 6.5 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The attack vector is network-based, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but high impact on availability (NVD).
Impact
The vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. The heap-based buffer overflow could lead to program crashes or potential denial of service conditions (NVD).
Mitigation and workarounds
The vulnerability was fixed when the libhdf5 dependency was updated from v1.12.0 to v1.12.1. Users should update to a version of matio that uses HDF5 1.12.1 or later (OSS-Fuzz).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management