GSA_kwCzR0hTQS02bW1mLXY1cTctdncyd84AAqut

High CVSS: 8.7 EPSS: 0.00363% (0.57556 Percentile) EPSS:

Permalink JSON

Asterix Heap-based Buffer Overflow

Affected Packages	Affected Versions	Fixed Versions
pypi:asterix_decoder PURL: `pkg:pypi/asterix-decoder`	< 0.7.2	0.7.2
0 Dependent packages 1 Dependent repositories 2,681 Downloads last month Affected Version Ranges All affected versions All unaffected versions

Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.

References:

https://nvd.nist.gov/vuln/detail/CVE-2021-44144
https://github.com/CroatiaControlLtd/asterix/issues/183
https://github.com/CroatiaControlLtd/asterix/commit/3f765d387d239ccc44e278a2ffa600fb6a6587f9
https://github.com/CroatiaControlLtd/asterix/blob/daf33de522d1cdab0e941c025b89e18a0d4d42c6/README.md?plain=1#L7
https://web.archive.org/web/20221207104133/https://huntr.dev/bounties/1-other-CroatiaControlLtd/asterix
https://github.com/pypa/advisory-database/tree/main/vulns/asterix-decoder/PYSEC-2021-860.yaml
https://github.com/advisories/GHSA-6mmf-v5q7-vw2w

Identifiers

GHSA-6mmf-v5q7-vw2w

CVE-2021-44144

Risk

Severity

High

CVSS

CVSS Score: 8.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00363

EPSS Percentile: 0.57556

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/CroatiaControlLtd/asterix

Date and time

Published

over 3 years ago

Updated

12 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories