CVE-2021-3700

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions usbredir versions prior to 0.11.0

Description A use-after-free issue was found in the usbredirparser serialize() function in usbredirparser/usbredirparser.c. This occurs when serializing large amounts of buffered write data, particularly in cases of slow or blocked destinations. The exploitation of this issue could allow an attacker to access confidential data, compromise data integrity, and cause a denial of service.

Recommendations For versions prior to 0.11.0, update to version 0.11.0 or later to resolve the issue. As a temporary workaround, consider disabling the usbredirparser serialize() function until a patch is available.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2021-3443

ALT-PU-2022-3084

ALT-PU-2023-4256

AZL-8824

BDU:2022-05968

CVE-2021-3700

DLA-2958-1

MGASA-2022-0133

OESA-2021-1355

OPENSUSE-SU-2024:11489-1

ROSA-SA-2024-2442

USN-5784-1

Affected Products

Alt Linux

Astra Linux

Debian

Linuxmint

Ubuntu

Usbredir

CVE-2021-3700

Weakness Enumeration

Related Identifiers

Affected Products

References · 31