CVE-2021-27247

MEDIUM

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerab...

Affects 1 product across 1 vendor.

BCS: 5.52
CVSS 3.1: 6.5
EPSS: 6.4%
Percentile: 93rd
Patch: Unknown
CVSS Vector — Plain English: Remotely exploitable over the network, low complexity, no authentication required, requires user interaction, impact contained to the vulnerable component, full confidentiality impact, no integrity impact, no availability impact.
CWE Weakness Definitions
CWE-125: Out-of-Bounds Read

Software reads data past the boundary of an allocated buffer, leaking sensitive information or causing crashes.

◆ SAGE Intelligence — CITED Relevance Research Team

A vulnerability in Tencent WeChat 2.9.5 desktop version allows remote attackers to disclose sensitive information through the WXAM decoder due to improper validation of user-supplied data. User interaction is required to exploit this vulnerability.

BSID: BS-2021-GLOBAL-268087-M • Model: /workspace/models/qwen2.5-coder-32b-instruct-bf16 • Confidence: MEDIUM

Frequently Asked Questions
What is CVE-2021-27247?
A vulnerability in Tencent WeChat 2.9.5 desktop version allows remote attackers to disclose sensitive information through the WXAM decoder due to improper validation of user-supplied data. User interaction is required to exploit this vulnerability.
What is the CVSS score for CVE-2021-27247?
CVE-2021-27247 has CVSS 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. EPSS: 6.4%.
Is CVE-2021-27247 actively exploited?
No confirmed active exploitation of CVE-2021-27247 as of 2026-06-16.
How do I remediate CVE-2021-27247?
Priority: MEDIUM.
What systems are affected by CVE-2021-27247?
CVE-2021-27247 affects: Tencent.
Vulnerability Details
CVE ID: CVE-2021-27247
BSID: BS-2021-GLOBAL-268087-M (BreachSpider Global ID)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Published: 2021-04-14
Last Modified: 2024-11-21
ICS Relevance: 15%
Weakness (CWE)
Source: NVD
Official Description

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tencent WeChat 2.9.5 desktop version. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-11907.

Source: NIST NVD / MITRE CVE Database

Attack Vector Analysis — CITED Relevance

The attack vector involves a remote attacker who can exploit this vulnerability by enticing the user to visit a malicious web page or open a malicious file. The vulnerability exists in the WXAM decoder component of WeChat, where user-supplied data is not properly validated, leading to the disclosure of sensitive information.

Exploitation Likelihood: MEDIUM

Affected Products
Vendor | Product | Fixed Version
Tencent | Wechat |
Remediation

No patch URL on record. Monitor vendor security advisories directly.

Threat Intelligence
● Threat Intelligence Validated: June 2026 | Threat Age: 1889 Days
CISA KEV: Not in KEV catalog
Public Exploit: Not confirmed
PoC Code: Not confirmed
SAGE Enrichment Record — provenance & audit hash
Model: /workspace/models/qwen2.5-coder-32b-instruct-bf16
Confidence: MEDIUM
Enriched At: 2026-05-24
SHA-512 Audit Hash: ec0acb4f2b001b021a7eaf17514b356a43fd1c0c6518e5f34e23806698f4c98b8ebbafee2654f27016981b50eceaaabce82219dd3075b90ee98556a90fe9a234
Related CVEs affecting Tencent
CVE-2025-11046 (9.8): A security flaw has been discovered in Tencent WeKnora 0.1.0. This impacts th...
CVE-2021-27439 (9.8): TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function...
CVE-2023-30363 (9.8): vConsole v3.15.0 was discovered to contain a prototype pollution due to incor...
CVE-2024-33078 (9.8): Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a craft...
CVE-2026-22687 (9.8): WeKnora is an LLM-powered framework designed for deep document understanding ...