Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 829895 (CVE-2021-3622) - <app-misc/hivex-1.3.21: stack overflow vulnerability
Summary: <app-misc/hivex-1.3.21: stack overflow vulnerability
Status: RESOLVED FIXED
Alias: CVE-2021-3622
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://github.com/libguestfs/hivex/c...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-24 04:50 UTC by John Helmert III
Modified: 2023-10-01 08:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-24 04:50:15 UTC 
CVE-2021-3622:

A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.

Fix in 1.3.21.
Comment 1 Larry the Git Cow gentoo-dev 2022-05-16 05:10:46 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ce015eb0250ff86761763e403def26e9bb9db039

commit ce015eb0250ff86761763e403def26e9bb9db039
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-05-16 04:46:37 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-05-16 04:46:37 +0000

    app-misc/hivex: add 1.3.21
    
    Bug: https://bugs.gentoo.org/829895
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/hivex/Manifest            |   1 +
 app-misc/hivex/hivex-1.3.21.ebuild | 124 +++++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+)
Comment 2 Hans de Graaff gentoo-dev Security 2023-10-01 08:49:46 UTC 
commit 87dc8b4022bcfe16d58c8ed2ab9bd2ea57dd6eee
Author: Sam James <sam@gentoo.org>
Date:   Sat Mar 25 12:10:56 2023 +0000

    app-misc/hivex: drop 1.3.20, 1.3.21