CVE-2021-3570
linuxptp: missing length check of forwarded messages
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
Se ha encontrado un fallo en el programa ptp4l del paquete linuxptp. Una falta de comprobación de longitud al reenviar un mensaje PTP entre puertos permite a un atacante remoto causar un filtrado de información, un bloqueo o, potencialmente, una ejecución de código remota. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema. Este fallo afecta a linuxptp versiones anteriores a 3.1.1, anteriores a 2.0.1, anteriores a 1.9.3, anteriores a 1.8.1, anteriores a 1.7.1, anteriores a 1.6.1 y anteriores a 1.5.1
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-31 CVE Reserved
- 2021-07-06 CVE Published
- 2024-02-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1966240 | 2021-07-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | < 1.5.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " < 1.5.1" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 1.6.0 < 1.6.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 1.6.0 < 1.6.1" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 1.7.0 < 1.7.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 1.7.0 < 1.7.1" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 1.8.0 < 1.8.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 1.8.0 < 1.8.1" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 1.9.0 < 1.9.3 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 1.9.0 < 1.9.3" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 2.0.0 < 2.0.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 2.0.0 < 2.0.1" | - |
Affected
| ||||||
| Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 3.0.0 < 3.1.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 3.0.0 < 3.1.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Aus Search vendor "Redhat" for product "Enterprise Linux Aus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Aus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.1 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Tus Search vendor "Redhat" for product "Enterprise Linux Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Tus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Tus Search vendor "Redhat" for product "Enterprise Linux Tus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Tus" and version "8.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||