Vulnerability Details : CVE-2021-33318
An input validation vulnerability exists in Joel Christner's .NET C# packages IpMatcher (1.0.4.1 and below) and WatsonWebserver (4.1.3 and below) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Vulnerability category: Input validation
Products affected by CVE-2021-33318
- cpe:2.3:a:watsonwebserver_project:watsonwebserver:*:*:*:*:*:*:*:*
- cpe:2.3:a:ipmatcher_project:ipmatcher:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-33318
- 0.24%: probability of exploitation activity in the next 30 days
- ~62%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-33318
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2021-33318
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-33318
- https://github.com/jchristn/WatsonWebserver
  GitHub - jchristn/WatsonWebserver: Watson is the fastest, easiest way to build scalable RESTful web servers and services in C#. (Third Party Advisory)
- https://github.com/jchristn/IpMatcher/commit/81d77c2f33aa912dbd032b34b9e184fc6e041d89
  NuGet v1.0.4.2, fix for SICK-2021-060 · jchristn/IpMatcher@81d77c2 · GitHub (Patch; Third Party Advisory)
- https://github.com/jchristn/IpMatcher
  GitHub - jchristn/IpMatcher: C# library for maintaining a match list of IP addresses and networks and comparing inputs to see if a match exists. (Third Party Advisory)
- https://github.com/kaoudis/advisories/blob/main/0-2021.md
  advisories/0-2021.md at main · kaoudis/advisories · GitHub (Exploit; Third Party Advisory)