CVE-2021-21812

HIGH

AT&T Labs Xmill 0.7 - Stack-based Buffer Overflow via HandleFileArg Command-Line Argument

Title source: llm
STIX 2.1

Description

A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs’ Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a static sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Scores

CVSS v3 7.8
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
att/xmill 0.7
Published Aug 13, 2021
Tracked Since Feb 18, 2026