Vulnerability Details CVE-2021-42917
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
- https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3
- https://github.com/xbmc/xbmc/issues/20305
- https://github.com/xbmc/xbmc/pull/20306
- https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html
- https://github.com/fuzzard/xbmc/commit/80c8138c09598e88b4ddb6dbb279fa193bbb3237
- https://github.com/xbmc/xbmc/commit/48730b64494798705d46dfccc4029bd36d072df3
- https://github.com/xbmc/xbmc/issues/20305
- https://github.com/xbmc/xbmc/pull/20306
- https://lists.debian.org/debian-lts-announce/2024/01/msg00009.html
Products affected by CVE-2021-42917
-
cpe:2.3:a:kodi:kodi:11.0
-
cpe:2.3:a:kodi:kodi:12.0
-
cpe:2.3:a:kodi:kodi:12.3
-
cpe:2.3:a:kodi:kodi:13.0
-
cpe:2.3:a:kodi:kodi:13.1
-
cpe:2.3:a:kodi:kodi:13.2
-
cpe:2.3:a:kodi:kodi:14.0
-
cpe:2.3:a:kodi:kodi:14.1
-
cpe:2.3:a:kodi:kodi:14.2
-
cpe:2.3:a:kodi:kodi:15.0
-
cpe:2.3:a:kodi:kodi:15.2
-
cpe:2.3:a:kodi:kodi:16.0
-
cpe:2.3:a:kodi:kodi:16.1
-
cpe:2.3:a:kodi:kodi:17.0
-
cpe:2.3:a:kodi:kodi:17.0.1
-
cpe:2.3:a:kodi:kodi:17.1
-
cpe:2.3:a:kodi:kodi:17.2
-
cpe:2.3:a:kodi:kodi:17.3
-
cpe:2.3:a:kodi:kodi:17.4
-
cpe:2.3:a:kodi:kodi:17.5
-
cpe:2.3:a:kodi:kodi:17.6
-
cpe:2.3:a:kodi:kodi:18.0
-
cpe:2.3:a:kodi:kodi:18.1
-
cpe:2.3:a:kodi:kodi:18.2