CVE-2021-40648 Man2html 1.6g can create a filename to overwrite the size parameter of the next chunk and the fd, bk, fd_nextsize, and bk_nextsize of the current chunk.
This flaw can be used to create a denial of service, or to overwrite arbitrary components of the hard drive. In man2html 1.6g, a bug was found in the size parameters of the chunk metadata.
It was possible to create a large value, which causes the chunk to be split into multiple small ones to meet the size parameter. This allows the attacker to create a large number of small chunks, causing the metadata to grow without limit. A successful attack can lead to an arbitrary amount of memory being consumed by the chunk.
Since the size parameters are sequential, the malicious content can be placed at an arbitrary location in the hard drive.
Any program that reads from the hard drive is at risk of being infected. This can be used to overwrite existing data, or to infect the hard drive of a computer.
This problem was initially found in Windows systems and was then observed in other operating systems as well.
man2html 1.6g also contains a flaw in the way that it closes the connection. If an attacker sends a large number of bytes, the connection will not be closed correctly. The attacker can send an arbitrary amount of data, causing the connection to never be closed. This allows the attacker to send more data, which is put into the hard drive of the victim.
An attacker can use this flaw to send an arbitrary amount of data, which is then placed into the hard drive of the victim. Passwords, financial data
Summary of man2html 1.6g
This flaw can be used to create a denial of service, or to overwrite arbitrary components of the hard drive. In man2html 1.6g, a bug was found in the size parameters of the chunk metadata. It was possible to create a large value, which causes the chunk to be split into multiple small ones to meet the size parameter. This allows the attacker to create a large number of small chunks, causing the metadata to grow without limit. A successful attack can lead to an arbitrary amount of memory being consumed by the chunk.
Since the size parameters are sequential, the malicious content can be placed at an arbitrary location in the hard drive. Any program that reads from the hard drive is at risk of being infected. This can be used to overwrite existing data, or to infect the hard drive of a computer. This problem was initially found in Windows systems and was then observed in other operating systems as well. man2html 1.6g also contains a flaw in the way that it closes the connection if it receives an extremely large number of bytes with this bug (about 100 MB). The attacker sends this huge amount data and can send more data as well which is put into your computer's hard drive without your knowledge or consent (while you may not know anything is happening).
man2html 1.6f: CVE-2021-40648
This flaw can be used to create a denial of service, or to overwrite arbitrary components of the hard drive. In man2html 1.6f, a bug was found in the size parameters of the chunk metadata.
It was possible to create a large value, which causes the chunk to be split into multiple small ones to meet the size parameter. This allows the attacker to create a large number of small chunks, causing the metadata to grow without limit. A successful attack can lead to an arbitrary amount of memory being consumed by the chunk.
Since the size parameters are sequential, the malicious content can be placed at an arbitrary location in the hard drive. Any program that reads from the hard drive is at risk of being infected. This can be used to overwrite existing data, or to infect the hard drive of a computer.
This problem was initially found in Windows systems and was then observed in other operating systems as well. man2html 1.6f also contains a flaw in the way that it closes the connection. If an attacker sends a large number of bytes, the connection will not be closed correctly. The attacker can send an arbitrary amount of data, causing the connection to never be closed. This allows the attacker to send more data, which is put into the hard drive of the victim.
An attacker can use this flaw to send an arbitrary amount of data, which is then placed into your hard disk
Timeline
Published on: 09/09/2022 18:15:00 UTC
Last modified on: 09/14/2022 19:52:00 UTC