CVE-2021-31845
HIGH
McAfee Data Loss Prevention Discover < 11.6.100 - Buffer Overflow
Title source: ruleDescription
A buffer overflow vulnerability in McAfee Data Loss Prevention (DLP) Discover prior to 11.6.100 allows an attacker in the same network as the DLP Discover to execute arbitrary code through placing carefully constructed Ami Pro (.sam) files onto a machine and having DLP Discover scan it, leading to remote code execution with elevated privileges. This is caused by the destination buffer being of fixed size and incorrect checks being made on the source size.
References (1)
Core References
Broken Link x_refsource_confirm
https://kc.mcafee.com/corporate/index?page=content&id=SB10368
Scores
CVSS v3
8.4
EPSS
0.0096
EPSS Percentile
76.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (1)
mcafee/data_loss_prevention_discover
< 11.6.100
Published
Sep 17, 2021
Tracked Since
Feb 18, 2026