InsydeH2O up to 05.51.24 SWSMI SdHostDriver CommBufferData buffer overflow

Summaryinfo

A vulnerability has been found in InsydeH2O up to 05.16.24/05.26.24/05.35.24/05.43.24/05.51.24 and classified as critical. This vulnerability affects the function SdHostDriver of the component SWSMI Handler. The manipulation of the argument CommBufferData leads to buffer overflow. This vulnerability is documented as CVE-2021-45971. There is not any exploit available. The affected component should be upgraded.

Detailsinfo

A vulnerability, which was classified as critical, has been found in InsydeH2O up to 05.16.24/05.26.24/05.35.24/05.43.24/05.51.24. This issue affects the function SdHostDriver of the component SWSMI Handler. The manipulation of the argument CommBufferData with an unknown input leads to a buffer overflow vulnerability. Using CWE to declare the problem leads to CWE-120. The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. Impacted is confidentiality, integrity, and availability.

The weakness was released 01/06/2022. It is possible to read the advisory at insyde.com. The identification of this vulnerability is CVE-2021-45971 since 01/01/2022. Technical details of the vulnerability are known, but there is no available exploit.

Upgrading to version 05.16.25, 05.26.25, 05.35.25, 05.43.25 or 05.51.25 eliminates this vulnerability.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Name

• InsydeH2O

Version

• 05.16.0
• 05.16.1
• 05.16.2
• 05.16.3
• 05.16.4
• 05.16.5
• 05.16.6
• 05.16.7
• 05.16.8
• 05.16.9
• 05.16.10
• 05.16.11
• 05.16.12
• 05.16.13
• 05.16.14
• 05.16.15
• 05.16.16
• 05.16.17
• 05.16.18
• 05.16.19
• 05.16.20
• 05.16.21
• 05.16.22
• 05.16.23
• 05.16.24
• 05.26.0
• 05.26.1
• 05.26.2
• 05.26.3
• 05.26.4
• 05.26.5
• 05.26.6
• 05.26.7
• 05.26.8
• 05.26.9
• 05.26.10
• 05.26.11
• 05.26.12
• 05.26.13
• 05.26.14
• 05.26.15
• 05.26.16
• 05.26.17
• 05.26.18
• 05.26.19
• 05.26.20
• 05.26.21
• 05.26.22
• 05.26.23
• 05.26.24
• 05.35.0
• 05.35.1
• 05.35.2
• 05.35.3
• 05.35.4
• 05.35.5
• 05.35.6
• 05.35.7
• 05.35.8
• 05.35.9
• 05.35.10
• 05.35.11
• 05.35.12
• 05.35.13
• 05.35.14
• 05.35.15
• 05.35.16
• 05.35.17
• 05.35.18
• 05.35.19
• 05.35.20
• 05.35.21
• 05.35.22
• 05.35.23
• 05.35.24
• 05.43.0
• 05.43.1
• 05.43.2
• 05.43.3
• 05.43.4
• 05.43.5
• 05.43.6
• 05.43.7
• 05.43.8
• 05.43.9
• 05.43.10
• 05.43.11
• 05.43.12
• 05.43.13
• 05.43.14
• 05.43.15
• 05.43.16
• 05.43.17
• 05.43.18
• 05.43.19
• 05.43.20
• 05.43.21
• 05.43.22
• 05.43.23
• 05.43.24
• 05.51.0
• 05.51.1
• 05.51.2
• 05.51.3
• 05.51.4
• 05.51.5
• 05.51.6
• 05.51.7
• 05.51.8
• 05.51.9
• 05.51.10
• 05.51.11
• 05.51.12
• 05.51.13
• 05.51.14
• 05.51.15
• 05.51.16
• 05.51.17
• 05.51.18
• 05.51.19
• 05.51.20
• 05.51.21
• 05.51.22
• 05.51.23
• 05.51.24

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion