Heap Memory Corruption Vulnerability in libgetdata v0.10.0

Heap Memory Corruption Vulnerability in libgetdata v0.10.0

CVE-2021-20204 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.

Learn more about our Web Application Penetration Testing UK.