CVE-2021-45927

Name: CVE-2021-45927
Description: MDB Tools (aka mdbtools) 0.9.2 has a stack-based buffer overflow (at 0x7ffd6e029ee0) in mdb_numeric_to_string (called from mdb_xfer_bound_data and _mdb_attempt_bind).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mdbtools (PTS) | stretch | 0.7.1-5 | undetermined |
| | buster | 0.7.1-6 | undetermined |
| | bullseye | 0.9.1-1 | undetermined |
| | bookworm, sid | 1.0.0+dfsg-1 | undetermined |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mdbtools | source | (unstable) | undetermined | | | |

Notes

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36187
check, possibly fixed in 0.9.3, but unclear fixing commit, related to 9b6b52cc8c5838cffeee9388c04890fe1eb73b52?
