How severe is CVE-2021-44078?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2021-44078?

This is classified as CWE-697, which is a common weakness in software security.

CVE-2021-44078 - HIGH Severity | CVSS 8.1

Vulnerability Description

An issue was discovered in split_region in uc.c in Unicorn Engine before 2.0.0-rc5. It allows local attackers to escape the sandbox. An attacker must first obtain the ability to execute crafted code in the target sandbox in order to exploit this vulnerability. The specific flaw exists within the virtual memory manager. The issue results from the faulty comparison of GVA and GPA while calling uc_mem_map_ptr to free part of a claimed memory block. An attacker can leverage this vulnerability to escape the sandbox and execute arbitrary code on the host machine.

Related Vulnerabilities

CVE-2025-3102

HIGH

CVSS:8.1(High)

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'se...

CWE-6972025

CVE-2020-10024

HIGH

CVSS:7.8(High)

The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to t...

CWE-6972020

CVE-2020-10027

HIGH

CVSS:7.8(High)

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and l...

CWE-6972020

CVE-2023-46009

HIGH

CVSS:7.8(High)

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.

CWE-6972023

CVE-2020-11071

HIGH

CVSS:8.6(High)

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet co...

CWE-6972020

CVE-2020-11072

HIGH

CVSS:8.6(High)

In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow ...

CWE-6972020