CVE-2021-21813

HIGH

AT&T xmill - Stack-Based Buffer Overflow via HandleFileArg Function

Title source: llm
STIX 2.1

Description

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280

Scores

CVSS v3 7.8
EPSS 0.0033
EPSS Percentile 25.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (1)
att/xmill 0.7
Published Aug 13, 2021
Tracked Since Feb 18, 2026