{"id":"CVE-2021-3622","details":"A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the _get_children() function, leading to a stack overflow. The highest threat from this vulnerability is to system availability.","modified":"2026-04-16T00:04:34.783728922Z","published":"2021-12-23T21:15:08.970Z","related":["ALSA-2022:1759","SUSE-SU-2021:3201-1","SUSE-SU-2021:3201-2","SUSE-SU-2021:3210-1","openSUSE-SU-2021:1319-1","openSUSE-SU-2021:3201-1","openSUSE-SU-2024:10845-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"33"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"34"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","extracted_events":[{"last_affected":"8.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*","extracted_events":[{"last_affected":"8.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"7.0"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S35TVTAPHORSUIFYNFBHKLQRPVFUPXBE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/USD4OEV6L3RPHE32V2MJ4JPFBODINWSU/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975489"},{"type":"FIX","url":"https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255"},{"type":"FIX","url":"https://listman.redhat.com/archives/libguestfs/2021-August/msg00002.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libguestfs/hivex","events":[{"introduced":"0"},{"fixed":"ace0be49b52943240f6c461e31e84f104b8ef443"},{"fixed":"771728218dac2fbf6997a7e53225e75a4c6b7255"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"cpe":"cpe:2.3:a:redhat:hivex:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.3.21"}]}}],"versions":["1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.3.0","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.19","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","v1.3.14","v1.3.15","v1.3.16","v1.3.17","v1.3.18","v1.3.19","v1.3.20"],"database_specific":{"vanir_signatures":[{"digest":{"length":2324,"function_hash":"138394577735161663126852814952112072419"},"source":"https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255","target":{"function":"_get_children","file":"lib/node.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2021-3622-066ab8c3"},{"digest":{"line_hashes":["74309310395030575337290169571303175705","233451100487387596963065481564458646252","87209965537219425312944453589324538996","75759970310467413331686537479272587427","325938084959474812814722037016182574393","55030333524285549612708431989715222969","189692135388723762671179049222014938680","268347765392776722820548116078944858468","68860408180380056120812084260736257586","101506122728373862828355737642028729389","261104001740472006705787271478211920945","102517267821207842162073957347805317418","277520334333955264787363960026410344983","131722666974530336955358580486147791888","154045439088021880170804602014951719044","183394433316313172637662585870132332815"],"threshold":0.9},"source":"https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255","target":{"file":"lib/node.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"id":"CVE-2021-3622-5c7db85f"},{"digest":{"length":1790,"function_hash":"171072671982664405333538485700709584878"},"source":"https://github.com/libguestfs/hivex/commit/771728218dac2fbf6997a7e53225e75a4c6b7255","target":{"function":"_hivex_get_children","file":"lib/node.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2021-3622-c3d94877"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3622.json","vanir_signatures_modified":"2026-04-12T00:39:32Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}]}