Skip to main content

Gravity CVE-2021-32281

HIGH
Out-of-bounds Write (CWE-787)
2021-09-20 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2021 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution.

AnalysisAI

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. An issue was discovered in gravity through 0.8.1. A heap-buffer-overflow exists in the function gnode_function_add_upvalue located in gravity_ast.c. It allows an attacker to cause code Execution. Affected products include: Creolabs Gravity. Version information: through 0.8.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2017-1000073 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary c

CVE-2017-1000172 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000173 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000075 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8

CVE-2017-1000074 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity

CVE-2017-1000072 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modificati

CVE-2021-32284 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2018-13795 HIGH POC
7.5 Jul 09

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2021-32285 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32283 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32282 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2026-40504 CRITICAL
9.3 Apr 16

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications

Share

CVE-2021-32281 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy