PT-2021-3951 · Linuxptp+6

Guilherme De Almeida Suckevicz · Published 2021-07-05 · Updated 2022-10-07 · CVE-2021-3571

CVSS v2.0

7.5 High

Vector

AV:N/AC:L/Au:S/C:P/I:N/A:C

Name of the Vulnerable Software and Affected Versions

linuxptp versions prior to 3.1.1
linuxptp versions prior to 2.0.1

Description

A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability.

Recommendations

For versions prior to 3.1.1, update to version 3.1.1 or later to resolve the issue. For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the ptp4l program to minimize the risk of exploitation.

Fix

Weakness Enumeration

Buffer Overflow
Out of bounds Read

Related Identifiers

ALSA-2021:4321
ALT-PU-2021-2487
BDU:2021-04469
CESA-2021_4321
CVE-2021-3571
OESA-2021-1267
RHSA-2021:4321
RHSA-2021_4321
RLSA-2021:4321

Affected Products

ALT Linux
AlmaLinux
CentOS
Red Hat
RED OS
Rocky Linux
linuxptp