CVE-2021-33897 - Vulnerability Details - OpenCVE

A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Synthesiagame	Synthesia

Configuration 1 [-]

cpe:2.3:a:synthesiagame:synthesia:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://isopach.dev/CVE-2021-33897
https://synthesiagame.com/news

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-17T00:00:00

Updated: 2024-08-04T00:05:52.451Z

Reserved: 2021-06-06T00:00:00

Link: CVE-2021-33897

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-17T21:15:12.350

Modified: 2024-11-21T06:09:44.400

Link: CVE-2021-33897

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synthesiagame:synthesia:*:*:*:*:*:*:*:*", "matchCriteriaId": "4713B975-BD98-4198-8DAD-A550D3FFE420", "versionEndIncluding": "10.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer en Synthesia anterior a 10.7.5567, cuando se utiliza una configuraci\u00f3n regional no latina, permite a atacantes con la ayuda del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo MIDI manipulado con bytes con un formato incorrecto. Este archivo se maneja mal durante un intento de borrado. En Synthesia anterior a 10.9, un manejo inadecuado de la ruta permite a atacantes locales provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un archivo MIDI manipulado con bytes con formato incorrecto."}], "id": "CVE-2021-33897", "lastModified": "2024-11-21T06:09:44.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-17T21:15:12.350", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://isopach.dev/CVE-2021-33897"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://synthesiagame.com/news"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://isopach.dev/CVE-2021-33897"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://synthesiagame.com/news"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}