Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-42197
CVE-2021-42197:
NixOS vulnerability analysis and mitigation
Overview
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution (NVD, GitHub Issue).
Technical details
The vulnerability is tracked as CVE-2021-42197 and affects swftools versions up to and including 20201222. The issue involves memory leaks detected by AddressSanitizer, specifically an indirect leak of 63,245 bytes in 2 objects and 144 bytes in 3 objects, allocated through rfxalloc and rfxcalloc functions respectively. The CVSS v3.1 base score is 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).
Impact
The vulnerability can lead to memory resource exhaustion and potential code execution in the context of the current user. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management