CVE-2021-3622: A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability. Fix in 1.3.21.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce015eb0250ff86761763e403def26e9bb9db039

commit ce015eb0250ff86761763e403def26e9bb9db039
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-05-16 04:46:37 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-05-16 04:46:37 +0000

app-misc/hivex: add 1.3.21

Bug: https://bugs.gentoo.org/829895
Signed-off-by: Sam James <sam@gentoo.org>

app-misc/hivex/Manifest | 1 +
app-misc/hivex/hivex-1.3.21.ebuild | 124 +++++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)

commit 87dc8b4022bcfe16d58c8ed2ab9bd2ea57dd6eee
Author: Sam James <sam@gentoo.org>
Date: Sat Mar 25 12:10:56 2023 +0000

app-misc/hivex: drop 1.3.20, 1.3.21