MidnightBSD

Advisories for halibut_project

CVE-2021-42612 MEDIUM

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
halibut_project halibut 1.2
fedoraproject fedora 35
CVE-2021-42613 MEDIUM

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-415,

Products Affected

Vendor Product Version
halibut_project halibut 1.2
fedoraproject fedora 35
CVE-2021-42614 MEDIUM

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
halibut_project halibut 1.2
fedoraproject fedora 35