Home / Early Warning / Vulnerabilidades / CVE-2021-43539

CVE-2021-43539

Type: 
Use After Free
Severity: 
Medium
Publication date: 
12/08/2021
Last modified: 
03/16/2022
Description
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird
Impact
Access Vector: Through network
Access Complexity: Media
Authentication: Not required to exploit
Impact Type: Partially affects on system integrity + Partially affects on system confidentiality + Partially affects on system availability
Vulnerable software and versions
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields