CVE-2021-38172

9.8CRITICAL

Key Information

Vendor: Debian
Status: Perm
Vendor: CVE Published:; 5 February 2022

Summary

perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.)

References

https://packages.qa.debian.org/p/perm.html

x_refsource_MISC

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993019

x_refsource_CONFIRM

https://lists.debian.org/debian-med/2021/08/msg00016.html

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 5, 2022
Vulnerability Reserved
Aug 7, 2021

Collectors

NVD DatabaseMitre Database

.