{"containers": {"cna": {"affected": [{"product": "EDK II", "vendor": "TianoCore", "versions": [{"status": "affected", "version": "edk2-stable202008"}]}], "descriptions": [{"lang": "en", "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-11T15:11:23", "orgId": "65518388-201a-4f93-8712-366d21fe8d2c", "shortName": "TianoCore"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "infosec@edk2.groups.io", "ID": "CVE-2021-28211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EDK II", "version": {"version_data": [{"version_affected": "=", "version_value": "edk2-stable202008"}]}}]}, "vendor_name": "TianoCore"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "A case of CWE-122 is occurring in the LzmaUefiDecompressGetInfo function."}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816", "refsource": "MISC", "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:40:13.314Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"}]}]}, "cveMetadata": {"assignerOrgId": "65518388-201a-4f93-8712-366d21fe8d2c", "assignerShortName": "TianoCore", "cveId": "CVE-2021-28211", "datePublished": "2021-06-11T15:11:23", "dateReserved": "2021-03-12T00:00:00", "dateUpdated": "2024-08-03T21:40:13.314Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tianocore:edk2:202008:*:*:*:*:*:*:*", "matchCriteriaId": "1C45BEB6-1F89-4813-B2CF-90639F9CE525", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A heap overflow in LzmaUefiDecompressGetInfo function in EDK II."}, {"lang": "es", "value": "Un desbordamiento de la pila en la funci\u00f3n zmaUefiDecompressGetInfo en EDK II"}], "id": "CVE-2021-28211", "lastModified": "2024-11-21T05:59:22.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-11T16:15:12.503", "references": [{"source": "infosec@edk2.groups.io", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1816"}], "sourceIdentifier": "infosec@edk2.groups.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "infosec@edk2.groups.io", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:2591", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "edk2-0:20200602gitca407c7246bf-4.el8_4.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-06-29T00:00:00Z"}], "bugzilla": {"description": "edk2: possible heap corruption with LzmaUefiDecompressGetInfo", "id": "1883529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883529"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.7", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-120", "details": ["A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.", "A flaw was found in edk2. A possible heap corruption in LzmaUefiDecompressGetInfo function may allow an attacker to execute code on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."], "name": "CVE-2021-28211", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "ovmf", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "edk2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2020-11-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-28211\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-28211"], "threat_severity": "Moderate"}