CVE-2021-3570

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

Published: Jul 9, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-3570
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 8
AV:N/AC:L/Au:S/C:P/I:P/A:C

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
linuxptp_project / linuxptp	3.0.0	3.1.1
linuxptp_project / linuxptp	2.0.0	2.0.1
linuxptp_project / linuxptp	1.9.0	1.9.3
linuxptp_project / linuxptp	1.8.0	1.8.1
linuxptp_project / linuxptp	-	1.5.1
linuxptp_project / linuxptp	1.6.0	1.6.1
linuxptp_project / linuxptp	1.7.0	1.7.1
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	6.0	6.0.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_eus	8.1	8.1.x
redhat / enterprise_linux_eus	8.2	8.2.x
redhat / enterprise_linux_aus	8.2	8.2.x
redhat / enterprise_linux_tus	8.2	8.2.x
redhat / enterprise_linux_aus	8.4	8.4.x
redhat / enterprise_linux_tus	8.4	8.4.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
debian / debian_linux	10.0	10.0.x

Vulnerability Database

289,599

CVE-2021-3570