Lucene search

K

[email protected]NVD:CVE-2021-3570

HistoryJul 09, 2021 - 11:15 a.m.

CVE-2021-3570

2021-07-0911:15:08

CWE-119

CWE-787

[email protected]

web.nvd.nist.gov

8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:P/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.3%

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Affected configurations

NVD

Node

linuxptp_projectlinuxptpRange<1.5.1

OR

linuxptp_projectlinuxptpRange1.6.0–1.6.1

OR

linuxptp_projectlinuxptpRange1.7.0–1.7.1

OR

linuxptp_projectlinuxptpRange1.8.0–1.8.1

OR

linuxptp_projectlinuxptpRange1.9.0–1.9.3

OR

linuxptp_projectlinuxptpRange2.0.0–2.0.1

OR

linuxptp_projectlinuxptpRange3.0.0–3.1.1

Node

redhatenterprise_linuxMatch6.0

OR

redhatenterprise_linuxMatch7.0

OR

redhatenterprise_linuxMatch8.0

OR

redhatenterprise_linux_ausMatch8.2

OR

redhatenterprise_linux_ausMatch8.4

OR

redhatenterprise_linux_eusMatch8.1

OR

redhatenterprise_linux_eusMatch8.2

OR

redhatenterprise_linux_tusMatch8.2

OR

redhatenterprise_linux_tusMatch8.4

Node

fedoraprojectfedoraMatch33

OR

fedoraprojectfedoraMatch34

Node

debiandebian_linuxMatch10.0

References

bugzilla.redhat.com/show_bug.cgi?id=1966240

lists.debian.org/debian-lts-announce/2021/07/msg00025.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/

www.debian.org/security/2021/dsa-4938

8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:P/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.012 Low

EPSS

Percentile

85.3%

Related for NVD:CVE-2021-3570

nessus29 openvas15 redhat5 suse2 ubuntu1 almalinux1 debian3 amazon1 debiancve1 veracode1 osv5 oraclelinux2 centos1 ubuntucve1 prion1 redhatcve1 cve1 rocky1 cvelist1 fedora2 photon4 redos1