CVE-2021-36979

low-risk
Published 2021-07-20

Unicorn Engine 1.0.2 has an out-of-bounds write in tb_flush_armeb (called from cpu_arm_exec_armeb and tcg_cpu_exec_armeb).

Do I need to act?

-
0.21% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
LOCAL / LOW complexity

Affected Products (2)

Unicorn Engine

Affected Vendors

Fedoraproject Unicorn-Engine

References (8)

Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30391
Third Party Advisory https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unicorn/OSV-2020-2305.y...
Patch https://github.com/unicorn-engine/unicorn/commit/bf1713d9e011b55ca1f502a6779fc47...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Issue Tracking https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30391
Third Party Advisory https://github.com/google/oss-fuzz-vulns/blob/main/vulns/unicorn/OSV-2020-2305.y...
Patch https://github.com/unicorn-engine/unicorn/commit/bf1713d9e011b55ca1f502a6779fc47...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
26
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 7/34 · Low