CVE-2021-4327
MEDIUM
SerenityOS < 2021-01-27 - Integer Overflow in initialize_typed_array_from_array_buffer
Title source: llm
Description
A vulnerability was found in SerenityOS. It has been rated as critical. Affected by this issue is the function initialize_typed_array_from_array_buffer in the library Userland/Libraries/LibJS/Runtime/TypedArray.cpp. The manipulation leads to integer overflow. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. The patch is identified as f6c6047e49f1517778f5565681fb64750b14bf60. It is recommended to apply a patch to fix this issue. VDB-222074 is the identifier assigned to this vulnerability.
References (4)
Core References
Permissions Required, Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.222074
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.222074
Exploit, Third Party Advisory exploit
https://devcraft.io/2021/02/11/serenityos-writing-a-full-chain-exploit.html
Scores
CVSS v3: 5.5
EPSS: 0.0093
EPSS Percentile: 56.1%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE: CWE-190
Status: published
Products (1)
serenityos/serenityos < 2021-01-27
Published: Mar 01, 2023
Tracked Since: Feb 18, 2026