In man2html 1.6g, a filename can be created to overwrite the previous size parameter of the next chunk and the fd, bk, fd_nextsize, bk_nextsize of the current chunk. The next chunk is then freed later on, causing a freeing of an arbitrary amount of memory.
References
Link | Resource |
---|---|
https://gist.github.com/untaman/cb58123fe89fc65e3984165db5d40933 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-09-09T17:57:38
Updated: 2022-09-10T02:59:11
Reserved: 2021-09-07T00:00:00
Link: CVE-2021-40648
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-09-09T18:15:09.247
Modified: 2022-09-14T19:52:41.313
Link: CVE-2021-40648
JSON object: View
Redhat Information
No data.
CWE