CVE-2021-45959

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

03 Jan 2022, 08:15

Type: References
Values Removed:
  • (MISC) https://github.com/fmtlib/fmt/issues/2685
  • (MISC) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36110
  • (MISC) https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fmt/OSV-2021-991.yaml
  • (MISC) https://github.com/fmtlib/fmt/commit/2038bf61831eb8faede0883965364a974d1350fe

Type: Summary
Values Removed: ** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor<double>::compute_mul and fmt::v8::detail::dragonbox::decimal_fp<double> fmt::v8::detail::dragonbox::to_de). NOTE: the vendor states that "This is one of a series of false positives [caused by a] fuzzing infra issue."
Values Added: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

02 Jan 2022, 15:15

Type: References
Values Added:
  • (MISC) https://github.com/fmtlib/fmt/issues/2685

Type: Summary
Values Removed: {fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor<double>::compute_mul and fmt::v8::detail::dragonbox::decimal_fp<double> fmt::v8::detail::dragonbox::to_de).
Values Added: ** DISPUTED ** {fmt} 7.1.0 through 8.0.1 has a stack-based buffer overflow in fmt::v8::detail::dragonbox::umul192_upper64 (called from fmt::v8::detail::dragonbox::cache_accessor<double>::compute_mul and fmt::v8::detail::dragonbox::decimal_fp<double> fmt::v8::detail::dragonbox::to_de). NOTE: the vendor states that "This is one of a series of false positives [caused by a] fuzzing infra issue."

01 Jan 2022, 00:15

Type: New CVE

Information

Published : 2022-01-01 00:15

Updated : 2024-02-04 22:08


NVD link : CVE-2021-45959

Mitre link : CVE-2021-45959

CVE.ORG link : CVE-2021-45959


Products Affected

No product.

CWE

No CWE.