Skip to main content

Gravity CVE-2021-32284

HIGH
NULL Pointer Dereference (CWE-476)
2021-09-20 cve@mitre.org
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2021 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service.

AnalysisAI

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in gravity through 0.8.1. A NULL pointer dereference exists in the function ircode_register_pop_context_protect() located in gravity_ircode.c. It allows an attacker to cause Denial of Service. Affected products include: Creolabs Gravity. Version information: through 0.8.1..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2017-1000073 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary c

CVE-2017-1000172 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000173 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000075 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8

CVE-2017-1000074 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity

CVE-2017-1000072 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modificati

CVE-2021-32281 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2018-13795 HIGH POC
7.5 Jul 09

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2021-32285 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32283 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32282 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2026-40504 CRITICAL
9.3 Apr 16

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications

Share

CVE-2021-32284 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy