Use-After-Free Vulnerability in GNU Recutils Application
CVE-2021-46021

5.5MEDIUM

Key Information:

Vendor
Gnu
Status
Recutils
Vendor
CVE Published:
14 January 2022

Summary

The Use-After-Free vulnerability in GNU Recutils arises in the rec_record_destroy() function within rec-record.c. This flaw can cause a segmentation fault or lead to an application crash, posing potential risks to systems utilizing this software. It is essential for users to understand the implications of this vulnerability and take appropriate measures, such as applying relevant patches or updates, to mitigate risks.

References

https://lists.gnu.org/archive/html/bug-recutils/2021-12/m...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.