Vulnerability CVE-2021-20304

Vulnerability Name:

CVE-2021-20304 (CCN-211331)

Assigned:

2020-12-17

Published:

2021-02-14

Updated:

2022-12-07

Summary:

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-20304

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Exploit, Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Red Hat Bugzilla Bug 1939157
(CVE-2021-20304) - CVE-2021-20304 OpenEXR: Undefined-shift in Imf_2_5::hufDecode

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
openexr-cve202120304-dos(211331)

Source: CCN
Type: OpenEXR GIT Repository
check for valid Huf code lengths (#849)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:openexr:openexr:3.0.0:beta:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7908	P	libIlmImf-2_2-23-2.2.1-3.41.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51949	P	Security update for libarchive (Moderate)	2022-11-10
oval:org.opensuse.security:def:6139	P	Security update for ucode-intel (Moderate)	2022-08-18
oval:org.opensuse.security:def:3290	P	libxslt-tools-1.1.28-17.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94794	P	python3-PyYAML-5.4.1-1.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94920	P	libIlmImf-2_2-23-2.2.1-3.41.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95357	P	Security update for protobuf (Moderate)	2022-03-30
oval:org.opensuse.security:def:100030	P	(Moderate)	2021-12-13
oval:org.opensuse.security:def:93274	P	(Moderate)	2021-12-03
oval:org.opensuse.security:def:41170	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:44399	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:38065	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:45600	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:38680	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:39969	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:43110	P	Security update for OpenEXR (Moderate)	2021-12-01
oval:org.opensuse.security:def:102070	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:101507	P	Security update for libcroco (Moderate)	2021-09-16
oval:org.opensuse.security:def:35263	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:61086	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:89444	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31262	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:57085	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:85726	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:33708	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:59531	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:88182	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:29416	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:55239	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:83448	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:125594	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:31676	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:57499	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:86140	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:23663	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:33966	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:59789	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:88496	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:30121	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:55944	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:84204	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:126762	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:32178	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:58001	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:86642	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:23961	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:51651	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:82623	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:5101	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:34524	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:60347	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:89186	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:30241	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:56064	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:84661	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:127159	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:32991	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:58814	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:87455	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:26114	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:83328	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:111029	P	Security update for openexr (Important)	2021-08-25
oval:org.opensuse.security:def:10137	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:92180	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:67228	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:99521	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:75966	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:92968	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:9383	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:70277	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:4149	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:65238	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:98935	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:111675	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:10322	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:92372	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:8639	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:69523	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:99720	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:76296	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:93121	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:9572	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:70462	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:101718	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:4214	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:65303	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:99130	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:108173	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:74306	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:92571	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:8824	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:69712	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:9771	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:91985	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:1027	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:5809	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:66898	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:99322	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:108736	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:74371	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:92770	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:117687	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:9019	P	Security update for openexr (Important)	2021-08-20
oval:org.opensuse.security:def:69911	P	Security update for openexr (Important)	2021-08-20

BACK