← Back

CVE-2021-3571

nvd nist
Published: Jul 9, 2021Modified: Nov 21, 2024

JSON object

Loading...
7.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Exploitability: 2.8 / Impact: 4.2
Source: NVD

Description

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.

Affected (5)

Linuxptp Project
1 product
Linuxptp
Redhat
1 product
Enterprise Linux
Fedoraproject
1 product
Fedora
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Linuxptp Project
Linuxptp
Before 2.0.1
Linuxptp
From 3.0 to 3.1.1
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Enterprise Linux
Version 8.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 33
Fedora
Version 34

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.

References (6)

Source: secalert@redhat.com
Issue TrackingPatchThird Party Advisory
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.