Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2021-29508 | First vendor Publication | 2021-05-11 |
Vendor | Cve | Last vendor Modification | 2021-05-25 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.1 | ||
Base Score | 9.1 | Environmental Score | 9.1 |
impact SubScore | 5.2 | Temporal Score | 9.1 |
Exploitabality Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | High | Availability Impact | High |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Due to how Wire handles type information in its serialization format, malicious payloads can be passed to a deserializer. e.g. using a surrogate on the sender end, an attacker can pass information about a different type for the receiving end. And by doing so allowing the serializer to create any type on the deserializing end. This is the same issue that exists for .NET BinaryFormatter https://docs.microsoft.com/en-us/visualstudio/code-quality/ca2300?view=vs-2019. This also applies to the fork of Wire. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29508 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-502 | Deserialization of Untrusted Data |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Sources (Detail)
Source | Url |
---|---|
CONFIRM | https://github.com/AsynkronIT/Wire/security/advisories/GHSA-hpw7-3vq3-mmv6 |
MISC | https://www.nuget.org/packages/Wire/ |
Alert History
Date | Informations |
---|---|
2021-05-26 00:22:59 |
|
2021-05-18 01:39:19 |
|
2021-05-18 01:39:10 |
|
2021-05-17 17:22:48 |
|
2021-05-12 00:22:49 |
|