Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-j1r2-w4fn-27gn
Vulnerability ID VCID-j1r2-w4fn-27gn
Aliases CVE-2021-41499
GHSA-5f5c-687x-g5qm
Summary Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Buffer Overflow Vulnerability exists in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file name.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2021-41499
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2021-41499
epss 0.0047 https://api.first.org/data/v1/epss?cve=CVE-2021-41499
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-5f5c-687x-g5qm
cvssv3.1 7.5 https://github.com/belangeo/pyo
generic_textual HIGH https://github.com/belangeo/pyo
cvssv3.1 7.5 https://github.com/belangeo/pyo/issues/222
generic_textual HIGH https://github.com/belangeo/pyo/issues/222
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41499
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-41499
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-41499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41499
https://github.com/belangeo/pyo
https://github.com/belangeo/pyo/issues/222
CVE-2021-41499 https://nvd.nist.gov/vuln/detail/CVE-2021-41499
GHSA-5f5c-687x-g5qm https://github.com/advisories/GHSA-5f5c-687x-g5qm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/belangeo/pyo
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/belangeo/pyo/issues/222
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-41499
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.64914
EPSS Score 0.0047
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:40:46.133912+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/pyo/CVE-2021-41499.yml 38.6.0