CVE-2021-3570
HIGHlinuxptp < 1.5.1 - Remote Code Execution via PTP Message Forwarding
Title source: llmDescription
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
References (5)
Core 5
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1966240
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2021/dsa-4938
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html
Scores
CVSS v3
8.8
EPSS
0.0123
EPSS Percentile
79.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-119
CWE-787
Status
published
Products (13)
debian/debian_linux
10.0
fedoraproject/fedora
33
fedoraproject/fedora
34
linuxptp_project/linuxptp
< 1.5.1
redhat/enterprise_linux
6.0
redhat/enterprise_linux
7.0
redhat/enterprise_linux
8.0
redhat/enterprise_linux_aus
8.2
redhat/enterprise_linux_aus
8.4
redhat/enterprise_linux_eus
8.1
... and 3 more
Published
Jul 09, 2021
Tracked Since
Feb 18, 2026