CVE-2021-35344 – CVE-2021-35344 is a heap-based buffer overflow ... (How to Fix)

Q: What is the severity of CVE-2021-35344?

CVE-2021-35344 has a CVSS score of 9.8 (CRITICAL). CVE-2021-35344 is a heap-based buffer overflow vulnerability in tsMuxer v2.6.16 that allows attackers to execute arbitrary code or cause denial of service by exploiting the BitStreamReader::getCurVal function. This affects users who process untrusted media files with vulnerable versions of tsMuxer. The vulnerability can be triggered when parsing specially crafted input files.

📋 TL;DR

CVE-2021-35344 is a heap-based buffer overflow vulnerability in tsMuxer v2.6.16 that allows attackers to execute arbitrary code or cause denial of service by exploiting the BitStreamReader::getCurVal function. This affects users who process untrusted media files with vulnerable versions of tsMuxer. The vulnerability can be triggered when parsing specially crafted input files.

💻 Affected Systems

Products:

tsMuxer

Versions: v2.6.16 and possibly earlier versions

Operating Systems: All platforms where tsMuxer runs (Windows, Linux, macOS)

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the core library and affects all configurations that process media files.

📦 What is this software?

Tsmuxer by Tsmuxer Project

View all CVEs affecting Tsmuxer →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the tsMuxer process, potentially leading to complete system compromise.

🟠

Likely Case

Application crash (denial of service) when processing malicious media files.

🟢

If Mitigated

Limited impact if tsMuxer runs with minimal privileges and processes only trusted files.

🌐 Internet-Facing: MEDIUM - tsMuxer is typically used for media processing rather than as an internet-facing service, but web applications that use it for media processing could be vulnerable.

🏢 Internal Only: MEDIUM - Internal users processing untrusted media files could trigger the vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Proof of concept exists in GitHub issues, and heap buffer overflows are commonly weaponized for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 3a889a37b5b74a45025aca13ebda394b8f706ef3 and later versions

Vendor Advisory: https://github.com/justdan96/tsMuxer/issues/432

Restart Required: No

Instructions:

1. Update tsMuxer to the latest version from the official GitHub repository. 2. Recompile from source if using self-compiled versions. 3. Replace any vulnerable binaries with patched versions.

🔧 Temporary Workarounds

Restrict file processing

all

Only allow tsMuxer to process media files from trusted sources

Run with reduced privileges

all

Execute tsMuxer with minimal user permissions to limit potential damage

sudo -u nobody tsMuxer [options] (Linux)
runas /user:lowprivilegeuser tsMuxer.exe (Windows)

🧯 If You Can't Patch

Discontinue use of tsMuxer for processing untrusted media files
Implement application allowlisting to prevent execution of vulnerable tsMuxer versions

🔍 How to Verify

Check if Vulnerable:

Check tsMuxer version: tsMuxer --version or examine binary metadata. Version 2.6.16 is vulnerable.

Check Version:

tsMuxer --version

Verify Fix Applied:

Verify tsMuxer version is newer than commit 3a889a37b5b74a45025aca13ebda394b8f706ef3 or check that the BitStreamReader::getCurVal function has proper bounds checking.

📡 Detection & Monitoring

Log Indicators:

Application crashes with segmentation faults or access violations
Unusual memory allocation patterns in process monitoring

Network Indicators:

Unusual outbound connections from tsMuxer process if RCE is achieved

SIEM Query:

Process:tsMuxer AND (EventID:1000 OR EventID:1001) OR Process:tsMuxer AND NetworkConnection:Initiated

📊 Metadata

CVE ID: CVE-2021-35344

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: December 3, 2021

Last Updated: November 21, 2024

🔗 References

https://github.com/justdan96/tsMuxer/issues/432 Exploit,Third Party Advisory
https://github.com/justdan96/tsMuxer/pull/439/commits/3a889a37b5b74a45025aca13ebda394b8f706ef3 Patch,Third Party Advisory
https://github.com/justdan96/tsMuxer/issues/432 Exploit,Third Party Advisory
https://github.com/justdan96/tsMuxer/pull/439/commits/3a889a37b5b74a45025aca13ebda394b8f706ef3 Patch,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-35344, you might also want to check these: