Lucene search

[email protected]CVE-2021-33304

HistoryFeb 15, 2023 - 10:15 p.m.

CVE-2021-33304

2023-02-1522:15:11

CWE-415

[email protected]

web.nvd.nist.gov

cve

2021

33304

double free

vulnerability

virtualsquare

picotcp

picotcp-ng

pico_fragments.c

pico_fragments_reassemble

arbitrary code

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

JSON

Double Free vulnerability in virtualsquare picoTCP v1.7.0 and picoTCP-NG v2.1 in modules/pico_fragments.c in function pico_fragments_reassemble, allows attackers to execute arbitrary code.

Affected configurations

NVD

Node

altranpicotcpMatch1.7.0

altranpicotcp-ngMatch2.1

CPENameOperatorVersion
altran:picotcpaltran picotcpeq1.7.0
altran:picotcp-ngaltran picotcp-ngeq2.1

CPE	Name	Operator	Version
altran:picotcp	altran picotcp	eq	1.7.0
altran:picotcp-ng	altran picotcp-ng	eq	2.1

References

github.com/virtualsquare/picotcp/issues/6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.1%

JSON

Related for CVE-2021-33304

prion1 osv1 cvelist1 nvd1