CVE-2021-3570

Published: 09/07/2021 Updated: 07/11/2023
CVSS v2 Base Score: 8 | Impact Score: 8.5 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 712
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C

Vulnerability Summary

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote malicious user to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions prior to 3.1.1, prior to 2.0.1, prior to 1.9.3, prior to 1.8.1, prior to 1.7.1, prior to 1.6.1 and prior to 1.5.1.
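The kind of length check whose absence is described above, as an added example (not linuxptp's code or its patch). It relies on the IEEE 1588 common header layout: 34 bytes, with messageLength, the field the Debian advisory on this page names, in bytes 2-3. The function names and the sample packets are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PTP_HDR_LEN 34u /* size of the IEEE 1588 common header */

/* Returns how many bytes may be forwarded, or -1 if the packet must be
 * dropped. `received` is the byte count reported by the receive call. */
int ptp_forward_len(const uint8_t *buf, size_t received)
{
    if (buf == NULL || received < PTP_HDR_LEN)
        return -1; /* truncated: no complete header to parse */

    /* messageLength occupies header bytes 2-3 in network byte order. */
    uint16_t claimed = (uint16_t)(((unsigned)buf[2] << 8) | buf[3]);

    if (claimed < PTP_HDR_LEN)
        return -1; /* shorter than its own header */
    if (claimed > received)
        return -1; /* claims bytes that never arrived; trusting it would
                      send whatever follows the packet in the buffer */

    return (int)claimed; /* bytes past messageLength are not forwarded */
}

/* Constructed sample: a zeroed Sync-style header that claims `claimed`
 * bytes while `received` bytes arrived. Returns the validator's verdict. */
int check_sample(uint16_t claimed, size_t received)
{
    uint8_t pkt[128];
    memset(pkt, 0, sizeof pkt);
    pkt[1] = 0x02; /* versionPTP = 2 */
    pkt[2] = (uint8_t)(claimed >> 8);
    pkt[3] = (uint8_t)(claimed & 0xff);
    return ptp_forward_len(pkt, received);
}

int main(void)
{
    printf("44 claimed, 44 received   -> %d\n", check_sample(44, 44));
    printf("1400 claimed, 44 received -> %d\n", check_sample(1400, 44));
    printf("20 claimed, 44 received   -> %d\n", check_sample(20, 44));
    printf("44 claimed, 20 received   -> %d\n", check_sample(44, 20));
    printf("44 claimed, 60 received   -> %d\n", check_sample(44, 60));
    return 0;
}
```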

Vulnerable Product

linuxptp project linuxptp

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.1

redhat enterprise linux eus 8.2

redhat enterprise linux aus 8.2

redhat enterprise linux tus 8.2

redhat enterprise linux aus 8.4

redhat enterprise linux tus 8.4

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 10.0

Vendor Advisories

Debian Bug report logs - #990749 linuxptp: CVE-2021-3571 Package: src:linuxptp; Maintainer for src:linuxptp is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 6 Jul 2021 07:06:01 UTC Severity: grave Tags: security, upstream Found i ...
Debian Bug report logs - #990748 linuxptp: CVE-2021-3570 Package: src:linuxptp; Maintainer for src:linuxptp is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Tue, 6 Jul 2021 07:03:01 UTC Severity: grave Tags: security, upstream Found i ...
Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution. For the stable distribution (buster), this problem has ...
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability (CVE ...