CVE-2021-32024 - OpenCVE

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Blackberry	Qnx Software Development Platform

Configuration 1 [-]

cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://support.blackberry.com/kb/articleDetail?articleNumber=000089042

History

No history.

MITRE

Status: PUBLISHED

Assigner: blackberry

Published: 2021-12-13T18:06:24

Updated: 2024-08-03T23:17:27.925Z

Reserved: 2021-05-03T00:00:00

Link: CVE-2021-32024

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-13T19:15:07.840

Modified: 2022-02-08T15:54:42.217

Link: CVE-2021-32024

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BlackBerry QNX Software Development Platform (SDP)", "vendor": "n/a", "versions": [{"status": "affected", "version": "QNX SDP 6.4 to 7.1"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-13T18:06:24", "orgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "shortName": "blackberry"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@blackberry.com", "ID": "CVE-2021-32024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BlackBerry QNX Software Development Platform (SDP)", "version": {"version_data": [{"version_value": "QNX SDP 6.4 to 7.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042", "refsource": "MISC", "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T23:17:27.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}]}]}, "cveMetadata": {"assignerOrgId": "dbe78b00-5e7b-4fda-8748-329789ecfc5c", "assignerShortName": "blackberry", "cveId": "CVE-2021-32024", "datePublished": "2021-12-13T18:06:24", "dateReserved": "2021-05-03T00:00:00", "dateUpdated": "2024-08-03T23:17:27.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:blackberry:qnx_software_development_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "6421B8DD-71CF-42E4-8C89-A91E7FFC9D65", "versionEndIncluding": "7.1", "versionStartIncluding": "6.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of the affected process."}, {"lang": "es", "value": "Una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota en el c\u00f3dec de im\u00e1genes BMP de BlackBerry QNX SDP versiones 6.4 a 7.1, podr\u00eda permitir a un atacante ejecutar potencialmente c\u00f3digo en el contexto del proceso afectado"}], "id": "CVE-2021-32024", "lastModified": "2022-02-08T15:54:42.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-13T19:15:07.840", "references": [{"source": "secure@blackberry.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000089042"}], "sourceIdentifier": "secure@blackberry.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}