Lucene search

Alpine Linux Development TeamALPINE:CVE-2021-33586

HistoryMay 27, 2021 - 5:15 a.m.

CVE-2021-33586

2021-05-2705:15:06

Alpine Linux Development Team

security.alpinelinux.org

cve-2021-33586

memory access

unix

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the “malformed PONG” issue.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchinspircd< 3.10.0-r0UNKNOWN
Alpine3.20-communitynoarchinspircd< 3.10.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	inspircd	< 3.10.0-r0	UNKNOWN
Alpine	3.20-community	noarch	inspircd	< 3.10.0-r0	UNKNOWN

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for ALPINE:CVE-2021-33586