CVE-2021-20204 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-20204 Interim 1 6 2025-02-17T00:55:49Z current 2021-05-30T14:47:06Z 2025-02-17T00:55:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-20204 A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DLVFS4U5WQY3UT4TIXF3TKNGVMQCDKHC/ E-Mail link for openSUSE-SU-2021:1645-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 15.2 getdata-0.11.0-lp152.4.3.1 getdata-devel-0.11.0-lp152.4.3.1 getdata-doc-0.11.0-lp152.4.3.1 libf95getdata7-0.11.0-lp152.4.3.1 libfgetdata6-0.11.0-lp152.4.3.1 libgetdata++7-0.11.0-lp152.4.3.1 libgetdata8-0.11.0-lp152.4.3.1 perl-getdata-0.11.0-lp152.4.3.1 python-getdata-0.11.0-lp152.4.3.1 getdata-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 getdata-devel-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 getdata-doc-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 libf95getdata7-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 libfgetdata6-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 libgetdata++7-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 libgetdata8-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 perl-getdata-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 python-getdata-0.11.0-lp152.4.3.1 as a component of openSUSE Leap 15.2 A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker. CVE-2021-20204 openSUSE Leap 15.2:getdata-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:getdata-devel-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:getdata-doc-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:libf95getdata7-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:libfgetdata6-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:libgetdata++7-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:libgetdata8-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:perl-getdata-0.11.0-lp152.4.3.1 openSUSE Leap 15.2:python-getdata-0.11.0-lp152.4.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H