Use-After-Free Vulnerability in GNU Recutils Product by GNU
CVE-2021-46022

5.5MEDIUM

Key Information:

Vendor
Gnu
Status
Recutils
Vendor
CVE Published:
14 January 2022

Summary

The Use-After-Free vulnerability in the rec_mset_elem_destroy() function within rec-mset.c of GNU Recutils v1.8.90 can result in an application crash or segmentation fault. This flaw arises when memory is improperly managed, leading to the potential for unauthorized memory access. Users of affected versions should promptly apply available patches to mitigate risks.

References

https://lists.gnu.org/archive/html/bug-recutils/2021-12/m...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.