CVE-2021-30184

Public Exploit

Description

GNU Chess 6.2.7 allows attackers to execute arbitrary code via crafted PGN (Portable Game Notation) data. This is related to a buffer overflow in the use of a .tmp.epd temporary file in the cmd_pgnload and cmd_pgnreplay functions in frontend/cmd.cc.

References

Link	Tags
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00000.html	mailing list patch vendor advisory exploit
https://lists.gnu.org/archive/html/bug-gnu-chess/2021-04/msg00001.html	mailing list exploit vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXOTMUSBVUZNA3JMPG6BU37DQW2YOJWS/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QC74RWMDLSQGV6Z3ZABNTPABB33S4YNF/	vendor advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SOGPLC77ZL2FACSOE5MWDS3YH3RBNQAQ/	vendor advisory
https://security.gentoo.org/glsa/202107-28	third party advisory vendor advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00007.html

Frequently Asked Questions

What is the severity of CVE-2021-30184?: CVE-2021-30184 has been scored as a high severity vulnerability.
How to fix CVE-2021-30184?: To fix CVE-2021-30184, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-30184 being actively exploited in the wild?: It is possible that CVE-2021-30184 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-120 – Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Frequently Asked Questions