 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2021-3782 |
| Description: | An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.2.2023.1519 1.3.6.1.4.1.25623.1.1.12.2022.5614.1 1.3.6.1.4.1.25623.1.1.4.2023.1864.1 1.3.6.1.4.1.25623.1.1.2.2022.2784 1.3.6.1.4.1.25623.1.1.2.2022.2862 1.3.6.1.4.1.25623.1.1.2.2023.1159 1.3.6.1.4.1.25623.1.1.2.2023.1180 1.3.6.1.4.1.25623.1.1.12.2022.5614.2 1.3.6.1.4.1.25623.1.1.2.2023.1239 1.3.6.1.4.1.25623.1.1.2.2023.1343 1.3.6.1.4.1.25623.1.1.2.2023.1209 1.3.6.1.4.1.25623.1.1.2.2022.2749 1.3.6.1.4.1.25623.1.1.2.2023.1710 1.3.6.1.4.1.25623.1.1.10.2022.0418 1.3.6.1.4.1.25623.1.1.2.2022.2836 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-3782 https://gitlab.freedesktop.org/wayland/wayland/-/issues/224 https://gitlab.freedesktop.org/wayland/wayland/-/issues/224 |