CVE-2021-35344

CRITICAL

tsMuxer 2.6.16 - Heap-Based Buffer Overflow in BitStreamReader::getCurVal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-35344. PoCs published by cemonatk.

AI-analyzed exploit summary This repository contains a detailed technical analysis of CVE-2021-35344, a heap-based buffer overflow in tsMuxer v2.6.16. It includes an ASAN output, backtrace, and references to the original report and patch, but does not include functional exploit code.

Description

tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h.

Exploits (1)

github WRITEUP 3 stars

by cemonatk · poc

https://github.com/cemonatk/onefuzzyway/tree/main/CVEs/tsMuxer/CVE-2021-35344.md

View Code ZIP pw:eip

This repository contains a detailed technical analysis of CVE-2021-35344, a heap-based buffer overflow in tsMuxer v2.6.16. It includes an ASAN output, backtrace, and references to the original report and patch, but does not include functional exploit code.

Classification

Writeup 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: tsMuxer v2.6.16

No auth needed

Prerequisites: malformed input file

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Apr 29, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/justdan96/tsMuxer/issues/432

Patch, Third Party Advisory x_refsource_misc

https://github.com/justdan96/tsMuxer/pull/439/commits/3a889a37b5b74a45025aca13ebda394b8f706ef3

Scores

CVSS v3 9.8

EPSS 0.0173

EPSS Percentile 74.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (1)

tsmuxer_project/tsmuxer 2.6.16

Published Dec 03, 2021

Tracked Since Feb 18, 2026