CVE-2021-21815

7.8 HIGH

📋 TL;DR

Xmill 0.7, an XML compression/decompression tool, contains a stack-based buffer overflow in its command-line argument parsing. A specially crafted (over-long) file path passed on the command line overflows a fixed-size stack buffer, which can corrupt control data and lead to arbitrary code execution in the context of the Xmill process. Any use of Xmill 0.7 in which an attacker can influence the path arguments is affected, including scripts or services that invoke xmill on user-supplied file names.

💻 Affected Systems

Products:
  • Xmill
Versions: 0.7 only
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of Xmill 0.7 are vulnerable regardless of configuration. The vulnerability exists in the core command-line parsing functionality.

📦 What is this software?

Xmill is a command-line compressor/decompressor specialised for XML documents (compressed output uses the .xmi extension), originally developed at AT&T Labs Research. Version 0.7 is the release affected here; the project appears unmaintained, so no fixed release is expected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the Xmill process. This becomes a real escalation only when Xmill runs with more privilege than the party supplying the path, for example a setuid binary, or a root-owned service or cron job that passes user-controlled file names to xmill.

🟠

Likely Case

Denial of service (a crash), or code execution at the privilege level of whoever invoked Xmill. Because the overflow is triggered through command-line arguments, an attacker who can already run xmill directly gains nothing by exploiting it; the realistic risk is a wrapper script, batch job or service that passes untrusted file names to xmill.

🟢

If Mitigated

Limited impact if Xmill runs in a sandbox or container with minimal privileges and is never handed untrusted paths; an over-long argument can still crash the process.

🌐 Internet-Facing: LOW - Xmill is a command-line utility that is not exposed to the network itself; the exposure rises only if a web application or upload pipeline shells out to xmill with user-controlled file names.
🏢 Internal Only: MEDIUM - Internal users who can influence the arguments of an xmill invocation that runs under another account (automation, shared services) could use it to execute code as that account.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires control over the path arguments passed to xmill, either by running it directly or by feeding a file name to a wrapper that invokes it. The overflow is triggered simply by supplying an over-long path; no authentication bypass is involved.
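The bug class in question, as an added illustration rather than Xmill's own source (the buffer size, the function names and the way the output name is built are assumptions; only the .xmi suffix is Xmill's real extension): an output file name derived from an argv[] path is copied into a fixed-size stack buffer without a length check, shown next to a bounded replacement that refuses over-long paths.

```c
/* Illustrative example added to this page; it is NOT Xmill's source code.
 * It shows the bug class described for CVE-2021-21815: an output file name
 * derived from a command-line path is written into a fixed-size stack
 * buffer with an unbounded copy, beside a bounded replacement. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 256    /* hypothetical fixed buffer size */
#define XMI_SUFFIX   ".xmi" /* extension Xmill uses for compressed output */

/* VULNERABLE pattern: strcpy/strcat into a 256-byte stack buffer with no
 * length check. A path longer than about 250 bytes overwrites the saved
 * frame. Kept only for contrast; never call it with untrusted input. */
void vulnerable_open_output(const char *inpath)
{
    char outname[NAME_MAX_LEN];
    strcpy(outname, inpath);
    strcat(outname, XMI_SUFFIX);
    printf("would write %s\n", outname);
}

/* Hardened form: compute the required length first, refuse anything that
 * does not fit, and use snprintf. Returns 0 on success, -1 if too long. */
int build_output_name(const char *inpath, char *out, size_t outsz)
{
    size_t need = strlen(inpath) + strlen(XMI_SUFFIX) + 1;
    if (need > outsz)
        return -1;
    int n = snprintf(out, outsz, "%s%s", inpath, XMI_SUFFIX);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

/* Does a path of `pathlen` bytes fit in the fixed buffer with the suffix? */
int path_fits(size_t pathlen)
{
    return pathlen + strlen(XMI_SUFFIX) + 1 <= NAME_MAX_LEN;
}

/* Check helper: build the name for `inpath` and compare it to `expect`.
 * Returns 1 on match, 0 otherwise (including when the path is rejected). */
int output_name_equals(const char *inpath, const char *expect)
{
    char out[NAME_MAX_LEN];
    if (build_output_name(inpath, out, sizeof out) != 0)
        return 0;
    return strcmp(out, expect) == 0;
}

/* Check helper: is a constructed path of `len` 'A' bytes rejected by the
 * bounded builder? Returns 1 if rejected, 0 if accepted. */
int long_path_rejected(size_t len)
{
    char *p = malloc(len + 1);
    if (!p)
        return -1;
    memset(p, 'A', len);
    p[len] = '\0';
    char out[NAME_MAX_LEN];
    int rejected = build_output_name(p, out, sizeof out) != 0;
    free(p);
    return rejected;
}

int main(int argc, char **argv)
{
    char out[NAME_MAX_LEN];
    const char *path = argc > 1 ? argv[1] : "doc.xml";
    if (build_output_name(path, out, sizeof out) != 0) {
        fprintf(stderr, "input path too long (%zu bytes, limit %zu)\n",
                strlen(path), (size_t)NAME_MAX_LEN - strlen(XMI_SUFFIX) - 1);
        return 1;
    }
    printf("output file: %s\n", out);
    return 0;
}
```

Running the program with a path of a few hundred characters (for example `./a.out "$(head -c 600 /dev/zero | tr '\0' A)"`) exercises the bounded builder and exits with an error instead of corrupting the stack; the same input into the strcpy version is exactly the crafted-path trigger the advisory describes.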

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: None

Restart Required: No

Instructions:

No official patch exists and the software appears unmaintained. The recommended action is to remove Xmill 0.7 entirely, including copies built from source, and to stop passing untrusted file names to any remaining copy until it is gone.

🔧 Temporary Workarounds

Remove Xmill 0.7

all

Uninstall Xmill 0.7 completely, as no patch is available. Xmill is usually built from source rather than installed from a distribution package, so also look for binaries the package manager does not know about (`which -a xmill`, `find / -name xmill -type f 2>/dev/null`).

sudo apt remove xmill
sudo yum remove xmill
For source builds, delete the binary (e.g. /usr/local/bin/xmill) and the build tree manually

Restrict execution permissions

linux

Remove execute permissions from every copy of the Xmill binary to prevent casual use. This only stops direct execution of that file; a user with shell access can still copy or rebuild it, so treat this as a stopgap before removal.

sudo chmod -x /usr/bin/xmill
sudo chmod -x /usr/local/bin/xmill

🧯 If You Can't Patch

  • Run Xmill in a sandboxed container with minimal privileges and no network
  • Implement strict access controls to limit who can execute Xmill commands
  • Never pass untrusted or unvalidated file names to xmill; if a wrapper must call it, reject paths longer than a conservative limit (well under 256 bytes) before they reach the command line
  • Do not run xmill as root or via setuid, so that a crash or exploit gains no extra privilege

🔍 How to Verify

Check if Vulnerable:

Check whether Xmill 0.7 is installed: `which -a xmill` lists every copy on the PATH, and `xmill --version` or the package manager reports the version. Note that a source-built binary may print only usage text instead of a version; in that case check the name of the source tarball or build directory it came from.

Check Version:

xmill --version 2>&1 | grep -i version

Verify Fix Applied:

Verify that Xmill 0.7 is no longer installed or executable: `which -a xmill` should return nothing, and `ls -la /usr/bin/xmill /usr/local/bin/xmill` should either report that the files do not exist or show no execute permission bits.

📡 Detection & Monitoring

Log Indicators:

  • Invocations of xmill with an unusually long file-path argument (legitimate paths are rarely more than a couple of hundred bytes)
  • xmill process crashes with segmentation faults (SIGSEGV in kernel logs, coredumpctl or abrt), which indicate the overflow being triggered or probed

Network Indicators:

  • Not applicable - local command-line utility

SIEM Query:

Process execution where process_name='xmill' AND command_line CONTAINS long strings (>256 chars). The 256-character threshold is a heuristic, not the exact buffer size; tune it against the longest legitimate paths in your environment, and correlate hits with xmill crash records.

🔗 References
