vulnerability
FreeBSD: VID-d487d4fc-43a8-11ed-8b01-b42e991fc52e (CVE-2021-41253): zydis -- heap buffer overflow
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Oct 4, 2022 | Nov 4, 2022 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Oct 4, 2022
Added
Nov 4, 2022
Modified
Dec 10, 2025
Description
Zyantific reports: Zydis users of versions v3.2.0 and older that use the string functions provided in zycore in order to append untrusted user data to the formatter buffer within their custom formatter hooks can run into heap buffer overflows. Older versions of Zydis failed to properly initialize the string object within the formatter buffer, forgetting to initialize a few fields, leaving their value to chance. This could then in turn cause zycore functions like ZyanStringAppend to make incorrect calculations for the new target size, resulting in heap memory corruption.
Solution
freebsd-upgrade-package-zydis
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.