CVE-2021-44961 - OpenCVE

A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Slic3r	Libslic3r

Configuration 1 [-]

cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*

References

Link	Resource
http://libslic3r.com	Broken Link
http://slic3r.com	Not Applicable
https://hackmd.io/nDT_UKLyRQendxDwil9A4w	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-03-01T01:45:47

Updated: 2022-03-03T02:19:39

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-44961

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-03-01T02:15:07.460

Modified: 2022-03-08T20:10:56.383

Link: CVE-2021-44961

JSON object: View

Redhat Information

No data.

CWE

CWE-401

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:slic3r:libslic3r:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "188C5C50-5D37-4F11-A4C1-541552348BF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A memory leakage flaw exists in the class PerimeterGenerator of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. Specially crafted stl files can exhaust available memory. An attacker can provide malicious files to trigger this vulnerability."}, {"lang": "es", "value": "Existe un fallo de fuga de memoria en la clase PerimeterGenerator de Slic3r libslic3r 1.3.0 y Master Commit b1a5500. Los archivos stl especialmente dise\u00f1ados pueden agotar la memoria disponible. Un atacante puede proporcionar archivos maliciosos para activar esta vulnerabilidad"}], "id": "CVE-2021-44961", "lastModified": "2022-03-08T20:10:56.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-01T02:15:07.460", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://libslic3r.com"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://slic3r.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackmd.io/nDT_UKLyRQendxDwil9A4w"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}