Severity
Medium
Analysis Summary
CVE-2021-33035
Apache OpenOffice is vulnerable to a buffer overflow, caused by improper bounds checking by the dBase database file (DBF) format. By persuading a victim to open a specially crafted .dbf file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-38153
Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of “Arrays.equals” to validate a password or key. By utilize brute-force attack techniques, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
Impact
- Buffer Overflow
- Information Disclosure
Affected Vendors
- Apache
Affected Products
- Apache OpenOffice 4.1.8 Apache OpenOffice 4.1.9 Apache OpenOffice 4.1.10
- Apache Kafka 2.1.0
- Apache Kafka 2.0.0
- Apache Kafka 2.0.1
- Apache Kafka 2.1.1
- Apache Kafka 2.2.0
- Apache Kafka 2.2.1
- Apache Kafka 2.3.0
- Apache Kafka 2.2.2
- Apache Kafka 2.3.1
- Apache Kafka 2.4.0
- Apache Kafka 2.4.1
- Apache Kafka 2.5.0
- Apache Kafka 2.5.1
- Apache Kafka 2.6.0
- Apache Kafka 2.6.1
- Apache Kafka 2.6.2
- Apache Kafka 2.7.0
- Apache Kafka 2.7.1
- Apache Kafka 2.8.0
Remediation
Upgrade to the latest version of Apache, available from the Apache Web site.