PT-2021-3595 · Linuxptp+9

Miroslav Lichvar · Published 2021-05-31 · Updated 2023-05-29 · CVE-2021-3570

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

linuxptp versions before 3.1.1
linuxptp versions before 2.0.1
linuxptp versions before 1.9.3
linuxptp versions before 1.8.1
linuxptp versions before 1.7.1
linuxptp versions before 1.6.1
linuxptp versions before 1.5.1

Description

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Recommendations

For versions before 3.1.1, update to version 3.1.1 or later.
For versions before 2.0.1, update to version 2.0.1 or later.
For versions before 1.9.3, update to version 1.9.3 or later.
For versions before 1.8.1, update to version 1.8.1 or later.
For versions before 1.7.1, update to version 1.7.1 or later.
For versions before 1.6.1, update to version 1.6.1 or later.
For versions before 1.5.1, update to version 1.5.1 or later.
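
The kind of length check the description says was missing, as an added C example (not linuxptp's code and not the upstream patch): a hypothetical forwarder that validates the header's messageLength field against the bytes actually received before copying a message for another port. The function names, buffer size and sample packet are assumptions; the 34-byte header and the messageLength offset follow the PTP common header layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PTP_HEADER_LEN 34   /* fixed size of the PTP common header */
#define FWD_BUF_LEN    1500 /* assumed size of the forwarding buffer */

/* messageLength is a big-endian 16-bit field at offset 2 of the header. */
static uint16_t ptp_claimed_len(const uint8_t *pkt)
{
    return (uint16_t)((pkt[2] << 8) | pkt[3]);
}

/*
 * Hypothetical forwarder: copies a received message into out[] for
 * retransmission on another port. Returns the number of bytes to send,
 * or -1 to drop. 'received' is what the socket actually delivered; the
 * header's messageLength comes from the sender and must never be
 * trusted beyond it.
 */
int ptp_forward_checked(const uint8_t *pkt, size_t received,
                        uint8_t *out, size_t out_len)
{
    uint16_t claimed;

    if (received < PTP_HEADER_LEN)
        return -1;              /* too short to hold a header */
    claimed = ptp_claimed_len(pkt);
    if (claimed < PTP_HEADER_LEN)
        return -1;              /* length field smaller than the header */
    if (claimed > received)
        return -1;              /* would read past the received data */
    if (claimed > out_len)
        return -1;              /* would overflow the destination */
    memcpy(out, pkt, claimed);
    return (int)claimed;
}

/* Constructed sample: a zero-filled packet with a chosen messageLength. */
int demo(uint16_t claimed, size_t received)
{
    uint8_t pkt[FWD_BUF_LEN] = {0}, out[FWD_BUF_LEN];

    pkt[0] = 0x0D;              /* messageType 0xD (Management) */
    pkt[1] = 0x02;              /* versionPTP 2 */
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)(claimed & 0xFF);
    return ptp_forward_checked(pkt, received, out, sizeof(out));
}
```
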

Fix

RCE

Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2021-2487
BDU:2021-03699
CESA-2021_2658
CESA-2021_2660
CVE-2021-3570
DLA-2723-1
DSA-4938-1
OESA-2021-1368
OPENSUSE-SU-2021:1102-1
OPENSUSE-SU-2021:3202-1
OPENSUSE-SU-2021_1102-1
OPENSUSE-SU-2021_3202-1
RHSA-2021:2657
RHSA-2021:2658
RHSA-2021:2659
RHSA-2021:2660
RHSA-2021_2658
RHSA-2021_2660
RLSA-2021:2660
SUSE-SU-2021:2443-1
SUSE-SU-2021:2472-1
SUSE-SU-2021:2545-1
SUSE-SU-2021:3202-1
SUSE-SU-2021_2443-1
SUSE-SU-2021_2472-1
SUSE-SU-2021_2545-1
SUSE-SU-2021_3202-1
USN-6097-1

Affected Products

Alt Linux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
Linuxptp