CVE-2021-43521
Description
Buffer overflow in zlog 1.2.15 allows potential code execution via crafted config file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack-buffer-overflow vulnerability exists in zlog version 1.2.15 in the zlog_conf_build_with_file function in src/zlog/src/conf.c [2]. The line buffer on the stack (size 4098 bytes) can be underflowed by one byte when parsing a specially crafted configuration file, leading to a read of one byte before the buffer. Subsequent processing may cause a write overflow if the preceding byte is a space or other control character [2].
Exploitation
An attacker must provide a malicious configuration file to an application using the zlog library. The vulnerability is triggered when zlog_conf_build_with_file processes the file; no authentication or special privileges are required beyond the ability to supply the file (e.g., via file upload, network share, or local access). The flaw starts as a read of one byte before the start of the stack buffer, which can lead to a write overflow if the byte read there is a specific character (like 0x20) [2].
Impact
Successful exploitation could cause a crash due to the out-of-bounds read or write, potentially leading to memory corruption. In a worst-case scenario, an attacker may achieve arbitrary code execution; the provided reference notes that the vulnerability is a stack-based overflow that could be leveraged for further exploitation [2].
Mitigation
As of the publication date, no fix has been released for zlog 1.2.15. Users should avoid processing untrusted configuration files or consider using an alternative logging library. The issue is tracked in the zlog repository [1] but no patch is yet available [2].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- zlog/zlog
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds check on a pointer in zlog_conf_build_with_file allows reading one byte before a stack buffer, which can lead to a write overflow if the byte is a space."
Attack vector
An attacker can supply a crafted configuration file to the zlog library. When `zlog_conf_build_with_file` parses this file, the pointer `p` reads one byte before the `line` stack buffer (underflow). If that byte is a space (0x20) or similar whitespace, the loop continues and `p++` can write past the buffer's end, causing a stack-buffer-overflow [ref_id=1]. No authentication or special network access is required beyond delivering the malicious file to the application.
Affected code
The vulnerability resides in `zlog_conf_build_with_file` in `/src/zlog/src/conf.c` at line 308. The `line` buffer (line 247) is allocated on the stack, and a pointer `p` can read one byte before the start of this buffer (underflow), as reported by AddressSanitizer. If that byte happens to be a space character (0x20), the loop continues and can cause a write overflow beyond the buffer boundaries [ref_id=1].
What the fix does
The advisory does not include a patch. The researcher notes that a one-byte read underflow occurs at line 308, and if the byte read is a space (0x20), the loop continues and can cause a write overflow [ref_id=1]. A proper fix would add a bounds check before reading from `p` to ensure it does not go below the start of the `line` buffer, preventing both the read underflow and the subsequent write overflow.
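The bounds check suggested above, as an added example that is not zlog's code or the reporter's: a trailing-whitespace trim that tests the lower bound before every read. The function names, the 16-byte buffer and the guarded struct layout are constructed for illustration, and the unbounded scan shape quoted in the comment is assumed from the description of `p`, not copied from `conf.c`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical helper, not zlog source. Strips trailing
 * whitespace from the line in buf[0..cap-1] and returns the new length. */
size_t rtrim_bounded(char *buf, size_t cap)
{
    if (buf == NULL || cap == 0)
        return 0;
    /* Bounded search for the terminator: never scan past the buffer. */
    const char *nul = memchr(buf, '\0', cap);
    size_t len = nul ? (size_t)(nul - buf) : cap - 1;
    /* len > 0 is tested before buf[len - 1] is read, so an empty or
     * all-whitespace line cannot step below buf[0]. The unbounded shape,
     * `for (p = buf + strlen(buf) - 1; isspace(*p); --p)`, reads buf[-1]
     * on an empty line and keeps going while that byte is whitespace. */
    while (len > 0 && isspace((unsigned char)buf[len - 1]))
        len--;
    buf[len] = '\0';
    return len;
}

/* Constructed layout: a space (0x20) sits directly before the line buffer,
 * the precondition the report gives for the scan to keep walking. */
struct guarded { char before; char line[16]; char after; };

/* Trims `text` inside the guarded layout; returns the new length, or
 * (size_t)-1 if either neighbouring byte was modified. */
size_t trim_in_guarded(const char *text)
{
    struct guarded g = { ' ', {0}, 'Z' };
    strncpy(g.line, text, sizeof g.line - 1);
    size_t n = rtrim_bounded(g.line, sizeof g.line);
    return (g.before == ' ' && g.after == 'Z') ? n : (size_t)-1;
}

int main(void)
{
    printf("empty line      -> %zu\n", trim_in_guarded(""));
    printf("whitespace only -> %zu\n", trim_in_guarded(" \t \n"));
    printf("key = value \\n  -> %zu\n", trim_in_guarded("key = value \n"));
    return 0;
}
```

Building a harness like this with `-fsanitize=address` is the same kind of check that produced the AddressSanitizer report cited above.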
Preconditions
- input: The attacker must supply a crafted configuration file that triggers the underflow condition in zlog_conf_build_with_file.
- config: The application must use the zlog library (version 1.2.15) and call zlog_init or zlog_init_inner with the malicious file.
Generated on May 30, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/HardySimpson/zlog/issues/206 (mitre, x_refsource_MISC)