{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-31T23:57:14.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-45941", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml", "refsource": "MISC", "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml"}, {"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957", "refsource": "MISC", "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:54:31.090Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-45941", "datePublished": "2021-12-31T23:57:14.000Z", "dateReserved": "2021-12-31T00:00:00.000Z", "dateUpdated": "2024-08-04T04:54:31.090Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libbpf_project:libbpf:0.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "21A21B76-426F-4B27-929B-2C021CB6AAAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:libbpf_project:libbpf:0.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F4BED3B-047A-493F-8E60-CB38AC0889E5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c)."}, {"lang": "es", "value": "libbpf 0.6.0 y 0.6.1 presenta un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria (8 bytes) en la funci\u00f3n __bpf_object__open (llamado desde bpf_object__open_mem y bpf-object-fuzzer.c).\n"}], "id": "CVE-2021-45941", "lastModified": "2024-11-21T06:33:19.253", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-01T01:15:08.990", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=40957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libbpf/OSV-2021-1576.yaml"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "libbpf: heap-based buffer overflow (8 bytes) in __bpf_object__open", "id": "2043387", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2043387"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-120->CWE-787", "details": ["libbpf 0.6.0 and 0.6.1 has a heap-based buffer overflow (8 bytes) in __bpf_object__open (called from bpf_object__open_mem and bpf-object-fuzzer.c).", "A flaw was found in libbpf. The vulnerability occurs due to incorrect handling of memory in the __bpf_object__open function and leads to a heap-buffer-overflow. This flaw allows an attacker to execute unauthorized code or commands, read memory, or modify memory."], "name": "CVE-2021-45941", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "libbpf", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "libbpf", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2022-01-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-45941\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-45941"], "statement": "Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-787: Out-of-bounds Write vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\nRed Hat follows best practice and federal requirements for least privilege, allowing only specific processes to be run with isolated accounts specific to the team and federal platforms that have limited privileges that are only used for a single task. The environment leverages file integrity checks and malicious code protections, such as IPS/IDS and antimalware solutions, to help detect and prevent malicious code that attempts to exploit buffer overflow vulnerabilities. Robust input validation and error-handling mechanisms ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks.", "threat_severity": "Moderate"}

{}