How severe is CVE-2021-41264?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-41264?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2021-41264

CRITICAL Year: 2021

CVSS v3 Score

9.8

Critical

CVSS v2 Score

7.5

High

Weakness Type

CWE-665

View all →

Vulnerability Description

OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using `UUPSUpgradeable` may be vulnerable to an attack affecting uninitialized implementation contracts. A fix is included in version 4.3.2 of `@openzeppelin/contracts` and `@openzeppelin/contracts-upgradeable`. For users unable to upgrade; initialize implementation contracts using `UUPSUpgradeable` by invoking the initializer function (usually called `initialize`). An example is provided [in the forum](https://forum.openzeppelin.com/t/security-advisory-initialize-uups-implementation-contracts/15301).

CVE-2008-0062

CRITICAL

CVSS:9.8(Critical)

KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via c...

CWE-6652008

CVE-2015-8367

CRITICAL

CVSS:9.8(Critical)

The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization.

CWE-6652015

CVE-2017-13715

CRITICAL

CVSS:9.8(Critical)

The __skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel before 4.3 does not ensure that n_proto, ip_proto, and thoff are initialized, which allows remote attackers to cause a ...

CWE-6652017

CVE-2018-11949

CRITICAL

CVSS:9.8(Critical)

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobil...

CWE-6652018

CVE-2019-10196

CRITICAL

CVSS:9.8(Critical)

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Den...

CWE-6652019

CVE-2019-14271

CRITICAL

CVSS:9.8(Critical)

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the content...

CWE-6652019

CVE-2021-41264

Vulnerability Description

Related Vulnerabilities

CVE-2008-0062

CVE-2015-8367

CVE-2017-13715

CVE-2018-11949

CVE-2019-10196

CVE-2019-14271