CVE-2021-4286

Summary

A vulnerability, which was classified as problematic, has been found in cocagne pysrp up to 1.0.16. This issue affects the function calculate_x of the file srp/_ctsrp.py. The manipulation leads to information exposure through discrepancy. Upgrading to version 1.0.17 is able to address this issue. The name of the patch is dba52642f5e95d3da7af1780561213ee6053195f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216875.

Affected Software

VendorProductVersion RangeStatus
cocagnepysrp1.0.0affected
cocagnepysrp1.0.1affected
cocagnepysrp1.0.2affected
cocagnepysrp1.0.3affected
cocagnepysrp1.0.4affected
cocagnepysrp1.0.5affected
cocagnepysrp1.0.6affected
cocagnepysrp1.0.7affected
cocagnepysrp1.0.8affected
cocagnepysrp1.0.9affected
cocagnepysrp1.0.10affected
cocagnepysrp1.0.11affected
cocagnepysrp1.0.12affected
cocagnepysrp1.0.13affected
cocagnepysrp1.0.14affected
cocagnepysrp1.0.15affected
cocagnepysrp1.0.16affected

Weaknesses

  • CWE-203: CWE-203 Information Exposure Through Discrepancy

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References