CVE-2021-40401 : A use-after-free vulnerability exists in the RS-274X aperture definition tokeniz

A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

Published 2022-02-04 23:15:12

Updated 2023-06-26 18:45:58

Source Talos

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2021-40401

Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Gerbv Project » Gerbv » Version: 2.7.0
cpe:2.3:a:gerbv_project:gerbv:2.7.0:-:*:*:*:*:*:*
Matching versions
Gerbv Project » Gerbv » Version: 2.7.1 Update Forked Dev
cpe:2.3:a:gerbv_project:gerbv:2.7.1:forked_dev:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-40401

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 48 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-40401

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
10.0	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H	3.9	6.0	Talos
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Changed Confidentiality: High Integrity: Low Availability: High
8.6	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	1.8	6.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-40401

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Assigned by:
- nvd@nist.gov (Primary)
- talos-cna@cisco.com (Secondary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Assigned by: nvd@nist.gov (Secondary)

References for CVE-2021-40401

https://www.debian.org/security/2022/dsa-5306

Debian -- Security Information -- DSA-5306-1 gerbv
Third Party Advisory

CVEs referencing this url
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1415

TALOS-2021-1415 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence
Exploit;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/

[SECURITY] Fedora 36 Update: gerbv-2.9.2-1.fc36 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-40401

Products affected by CVE-2021-40401

Exploit prediction scoring system (EPSS) score for CVE-2021-40401

CVSS scores for CVE-2021-40401

CWE ids for CVE-2021-40401

References for CVE-2021-40401