Miggo Logo
Miggo Vulnerability Database
CVE-2021-41497

CVE-2021-41497:
bounter Null pointer reference

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-41497
GHSA ID
GHSA-74xw-gwfm-7pv7
EPSS Score
0.51136%
CWE
CWE-476
Published
12/18/2021
Updated
11/21/2024
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
bounterpip<= 1.2.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

  1. The vulnerability description explicitly names CMS_Conservative_increment_obj as the vulnerable function.
  2. NULL pointer dereference (CWE-476) typically occurs when code fails to check return values of memory allocation functions.
  3. The attack vector (huge hash bucket width) suggests improper input validation in hash table initialization logic within this function.
  4. While exact source code isn't available, the function name follows naming conventions suggesting it's part of the Count-Min Sketch (CMS) implementation in C extensions (hence .c file extension).
  5. High confidence comes from the explicit function name in vulnerability reports and consistency with described attack mechanism.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Null point*r r***r*n** in *MS_*ons*rv*tiv*_in*r*m*nt_o*j in R*R*-T***nolo*i*s *ount*r v*rsion *.** *n* *.**, *llows *tt**k*rs to *on*u*t **ni*l o* S*rvi** *tt**ks *y inputtin* * *u** wi*t* o* **s* *u*k*t.

Reasoning

*. T** vuln*r**ility **s*ription *xpli*itly n*m*s *MS_*ons*rv*tiv*_in*r*m*nt_o*j *s t** vuln*r**l* *un*tion. *. NULL point*r **r***r*n** (*W*-***) typi**lly o**urs w**n *o** **ils to ****k r*turn v*lu*s o* m*mory *llo**tion *un*tions. *. T** *tt**k v