CVE-2021-33035
CVSS V2 Medium 6.8
CVSS V3 High 7.8
Description
Apache OpenOffice opens dBase/DBF documents and shows the contents as spreadsheets. DBF are database files with data organized in fields. When reading DBF data the size of certain fields is not checked: the data is just copied into local variables. A carefully crafted document could overflow the allocated space, leading to the execution of arbitrary code by altering the contents of the program stack. This issue affects Apache OpenOffice up to and including version 4.1.10
Overview
- CVE ID
- CVE-2021-33035
- Assigner
- security@apache.org
- Vulnerability Status
- Analyzed
- Published Version
- 2021-09-23T08:15:06
- Last Modified Date
- 2021-12-01T14:15:42
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:* | 1 | OR | 4.1.10 |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:M/Au:N/C:P/I:P/A:P
- Access Vector
- NETWORK
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- PARTIAL
- Integrity Impact
- PARTIAL
- Availability Impact
- PARTIAL
- Base Score
- 6.8
- Severity
- MEDIUM
- Exploitability Score
- 8.6
- Impact Score
- 6.4
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 7.8
- Base Severity
- HIGH
- Exploitability Score
- 1.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/apache/openoffice/commit/efddaef0151af3be16078cc4d88c6bae0f911e56#diff-ea66e734dd358922aba12ad4ba39c96bdc6cbde587d07dbc63d04daa0a30e90f | Patch Third Party Advisory |
| https://lists.apache.org/thread.html/r929c0c6a53cad64a1007b878342756badbb05ddd9b8f31a6d0b424cb@%3Cannounce.apache.org%3E | Mailing List Patch Vendor Advisory |
| https://lists.apache.org/thread.html/r1ab8532e11f41bc7ca057ac7e39cab25f2e1f9d5f4929788ae21c8b9@%3Cusers.openoffice.apache.org%3E | Mailing List Patch Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2021/10/07/3 | Mailing List Patch Third Party Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2021-33035 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33035 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 06:43:53 | Added to TrackCVE | |||
| 2022-12-05 11:10:24 | 2021-09-23T08:15Z | 2021-09-23T08:15:06 | CVE Published Date | updated |
| 2022-12-05 11:10:24 | 2021-12-01T14:15:42 | CVE Modified Date | updated | |
| 2022-12-05 11:10:24 | Analyzed | Vulnerability Status | updated |