CVE-2021-45926

7.8 HIGH

📋 TL;DR

CVE-2021-45926 is a stack-based buffer overflow in MDB Tools (mdbtools): the mdb_numeric_to_string function lacks proper bounds checking, so a specially crafted Microsoft Access database file can crash the process (denial of service) or, in the worst case, lead to arbitrary code execution. mdbtools 0.9.2 and earlier are affected. Any user or application that uses mdbtools to read or convert MDB files from untrusted sources is exposed.
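The bug class described above, as an added illustration that is not the mdbtools source and does not reproduce the internals of mdb_numeric_to_string: a hypothetical fixed-point numeric record whose digit count is read from the file is formatted into a fixed-size buffer, first without and then with a bounds check. The record layout, the function names, the 24-byte buffer and the sample records are all assumptions made for this example.

```c
/* Added illustration of the bug class in CVE-2021-45926: NOT mdbtools code.
 * A hypothetical fixed-point "numeric" record is formatted into a fixed-size
 * buffer; the digit count comes from the (untrusted) file. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define NUM_BUF 24  /* hypothetical fixed stack buffer size for the text form */

/* Hypothetical on-disk layout; every field is attacker-controlled input. */
typedef struct {
    uint8_t precision;      /* digits the file claims are present */
    uint8_t scale;          /* digits after the decimal point */
    uint8_t negative;
    const uint8_t *digits;  /* precision bytes, each expected to be 0..9 */
} numeric_field;

/* Vulnerable form: trusts precision and writes that many characters into a
 * NUM_BUF-byte buffer. A record declaring precision 200 overruns the caller's
 * stack buffer, which is the pattern behind a stack-based overflow. */
size_t numeric_to_string_unsafe(const numeric_field *f, char *out /* NUM_BUF */)
{
    size_t pos = 0;
    if (f->negative) out[pos++] = '-';
    for (int i = 0; i < f->precision; i++) {
        if (f->scale > 0 && i == f->precision - f->scale) out[pos++] = '.';
        out[pos++] = (char)('0' + f->digits[i]);  /* pos never compared to NUM_BUF */
    }
    out[pos] = '\0';
    return pos;
}

/* Hardened form: validates the header against the buffer before writing
 * anything and rejects the record instead of truncating it silently.
 * Returns 0 on success, -1 on a malformed or oversized record. */
int numeric_to_string_safe(const numeric_field *f, char *out, size_t outlen)
{
    size_t needed = (size_t)f->precision + 3;  /* sign + digits + '.' + NUL */
    if (out == NULL || outlen == 0) return -1;
    if (f->scale > f->precision) return -1;    /* inconsistent header */
    if (needed > outlen) return -1;            /* would overflow the buffer */
    size_t pos = 0;
    if (f->negative) out[pos++] = '-';
    for (int i = 0; i < f->precision; i++) {
        uint8_t d = f->digits[i];
        if (d > 9) return -1;                  /* not a decimal digit */
        if (f->scale > 0 && i == f->precision - f->scale) out[pos++] = '.';
        out[pos++] = (char)('0' + d);
    }
    out[pos] = '\0';
    return 0;
}

/* Constructed sample records: a well-formed -12.345 and a header claiming 200
 * digits (all zero), far more than the 24-byte buffer holds. */
static const uint8_t SAMPLE_DIGITS[] = {1, 2, 3, 4, 5};
static const uint8_t OVERSIZED_DIGITS[200] = {0};

/* Safe formatter on the well-formed record; 1 if it yields "-12.345". */
int wellformed_matches(void)
{
    numeric_field f = {5, 3, 1, SAMPLE_DIGITS};
    char buf[NUM_BUF];
    return numeric_to_string_safe(&f, buf, sizeof buf) == 0
        && strcmp(buf, "-12.345") == 0;
}

/* Safe formatter on the oversized record; 1 if rejected with the buffer untouched. */
int oversized_rejected(void)
{
    numeric_field f = {200, 0, 0, OVERSIZED_DIGITS};
    char buf[NUM_BUF];
    memset(buf, 'X', sizeof buf);
    return numeric_to_string_safe(&f, buf, sizeof buf) == -1 && buf[0] == 'X';
}

/* The unsafe form is indistinguishable on in-range input (7 characters here);
 * the defect only surfaces when precision exceeds the buffer. It is never
 * called with the oversized record, since that would be undefined behaviour. */
size_t unsafe_length_wellformed(void)
{
    numeric_field f = {5, 3, 1, SAMPLE_DIGITS};
    char buf[NUM_BUF];
    return numeric_to_string_unsafe(&f, buf);
}

int main(void)
{
    printf("safe/well-formed ok: %d\n", wellformed_matches());
    printf("safe/oversized rejected: %d\n", oversized_rejected());
    printf("unsafe/well-formed length: %zu\n", unsafe_length_wellformed());
    return 0;
}
```

The point of the hardened form is that the check happens on the header values before any byte is written, and that a record which does not fit is rejected rather than clipped; silently truncating would hide the malformed input from the caller and from any log-based detection.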

💻 Affected Systems

Products:
  • MDB Tools (mdbtools)
Versions: Up to and including 0.9.2
Operating Systems: Linux, Unix-like systems, Windows (if compiled from source)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing specially crafted Microsoft Access database (.mdb) files through vulnerable functions.

📦 What is this software?

MDB Tools (mdbtools) is an open-source library and set of command-line utilities for reading Microsoft Access (.mdb) database files and exporting their schema and table contents to other formats.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment if the vulnerable component processes attacker-controlled MDB files.

🟠 Likely Case: Application crash or denial of service when processing malformed MDB files, potentially disrupting database conversion workflows.

🟢 If Mitigated: Limited impact with proper input validation and sandboxing, restricting file processing to trusted sources only.

🌐 Internet-Facing: MEDIUM - Risk exists if mdbtools is exposed via web applications or APIs that accept user-uploaded MDB files, though specific exploitation vectors may be limited.
🏢 Internal Only: MEDIUM - Internal systems using mdbtools for database conversion or analysis could be compromised via malicious internal files or lateral movement.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept available via OSS-Fuzz issue #35972; exploitation requires feeding a malicious MDB file to vulnerable mdbtools functions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 373b7ff4c4daf887269c078407cb1338942c4ea6 and later versions

Vendor Advisory: https://security.gentoo.org/glsa/202208-12

Restart Required: No

Instructions:

1. Update mdbtools to a build that includes commit 373b7ff4c4daf887269c078407cb1338942c4ea6.
2. For package managers: run 'apt update && apt upgrade mdbtools' on Debian/Ubuntu, 'yum update mdbtools' on RHEL/CentOS, or 'emerge --sync && emerge -av mdbtools' on Gentoo.
3. Recompile from source if using custom builds.

🔧 Temporary Workarounds

Restrict MDB file processing (platform: all)

Limit mdbtools usage to trusted, validated MDB files only; implement file upload restrictions in web applications.

Sandbox mdbtools execution (platform: linux)

Run mdbtools in isolated containers or with reduced privileges using tools like Docker or SELinux. In the command below, 'mdbtools' (the image name) and 'mdbtools-command' are placeholders for your own image and the specific tool being run.

docker run --read-only -v /safe/path:/data mdbtools mdbtools-command

🧯 If You Can't Patch

  • Disable or remove mdbtools from production systems if not essential.
  • Implement strict input validation and file type checking for any MDB file processing workflows.

🔍 How to Verify

Check if Vulnerable:

Check the mdbtools version with 'mdbtools --version' or 'mdb-ver'; if the output shows 0.9.2 or earlier, the system is vulnerable.

Check Version:

mdbtools --version 2>/dev/null || mdb-ver 2>/dev/null || dpkg -l | grep mdbtools || rpm -q mdbtools

Verify Fix Applied:

After update, confirm version is newer than 0.9.2; test with known safe MDB files to ensure functionality.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in mdbtools processes
  • Unusual file processing errors in system logs related to MDB files

Network Indicators:

  • Unexpected uploads of MDB files to web applications or APIs
  • Network traffic spikes from systems running mdbtools

SIEM Query:

source="*mdbtools*" AND (event_type="crash" OR event_type="segfault")
