Sign-up

ID

VAR-202106-0880


CVE

CVE-2021-0086


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.53

sources: NVD: CVE-2021-0086 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-371655

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:intelmodel:pentium processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:core processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:itanium processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:brand verification toolscope:ltversion:11.0.0.1225

Trust: 1.0

vendor:intelmodel:celeron processorsscope:eqversion: -

Trust: 1.0

vendor:intelmodel:xeon processorsscope:eqversion: -

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:33

Trust: 1.0

sources: NVD: CVE-2021-0086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0086
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-625
value: MEDIUM

Trust: 0.6

VULHUB: VHN-371655
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-0086
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-371655
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-0086
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-371655 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-625 // NVD: CVE-2021-0086

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.1

sources: VULHUB: VHN-371655 // NVD: CVE-2021-0086

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-625

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Intel Processors Fixes for permissions and access control issues vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=154309

Trust: 0.6

sources: CNNVD: CNNVD-202106-625

EXTERNAL IDS

db:NVDid:CVE-2021-0086

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/06/10/1

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/06/09/2

Trust: 1.7

db:OPENWALLid:OSS-SECURITY/2021/06/08/7

Trust: 1.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:AUSCERTid:ESB-2023.2479

Trust: 0.6

db:AUSCERTid:ESB-2021.3020

Trust: 0.6

db:AUSCERTid:ESB-2021.2000

Trust: 0.6

db:AUSCERTid:ESB-2021.2000.2

Trust: 0.6

db:CS-HELPid:SB2021061407

Trust: 0.6

db:LENOVOid:LEN-60191

Trust: 0.6

db:CNNVDid:CNNVD-202106-625

Trust: 0.6

db:VULHUBid:VHN-371655

Trust: 0.1

sources: VULHUB: VHN-371655 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-625 // NVD: CVE-2021-0086

REFERENCES

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00516.html

Trust: 1.7

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00546.html

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/06/08/7

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/06/09/2

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2021/06/10/1

Trust: 1.7

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/h36u6cnrec436w6gyo7qumjivea35scv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sva2ny26mmxoodumyzn5dcu3fxmbmbob/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/h36u6cnrec436w6gyo7qumjivea35scv/

Trust: 0.7

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sva2ny26mmxoodumyzn5dcu3fxmbmbob/

Trust: 0.7

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2000

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2000.2

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-60191

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021061407

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.2479

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3020

Trust: 0.6

sources: VULHUB: VHN-371655 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-625 // NVD: CVE-2021-0086

SOURCES

db:VULHUBid:VHN-371655
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202106-625
db:NVDid:CVE-2021-0086

LAST UPDATE DATE

2024-08-14T13:06:07.808000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-371655date:2021-07-01T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202106-625date:2023-05-04T00:00:00
db:NVDid:CVE-2021-0086date:2023-11-07T03:27:14.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-371655date:2021-06-09T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202106-625date:2021-06-08T00:00:00
db:NVDid:CVE-2021-0086date:2021-06-09T20:15:08.513