CVE-2021-3571
linuxptp: wrong length of one-step follow-up in transparent clock
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.
Se ha encontrado un fallo en el programa ptp4l del paquete linuxptp. Cuando ptp4l está operando en una arquitectura little-endian como transparent clock PTP, un atacante remoto podría enviar un mensaje de sincronización de un paso diseñado para causar un filtrado de información o un bloqueo. La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos y la disponibilidad del sistema. Este fallo afecta a versiones de linuxptp anteriores a 3.1.1 y anteriores a 2.0.1
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-31 CVE Reserved
- 2021-07-09 CVE Published
- 2024-02-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (4)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1966241 | 2021-11-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | < 2.0.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " < 2.0.1" | - |
Affected
| ||||||
Linuxptp Project Search vendor "Linuxptp Project" | Linuxptp Search vendor "Linuxptp Project" for product "Linuxptp" | >= 3.0 < 3.1.1 Search vendor "Linuxptp Project" for product "Linuxptp" and version " >= 3.0 < 3.1.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 34 Search vendor "Fedoraproject" for product "Fedora" and version "34" | - |
Affected
|