CVE-2021-29997

Опубликовано: 13 апр. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in Wind River VxWorks 7 before 21.03. A specially crafted packet may lead to buffer over-read on IKE.

Ссылки

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997
Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Vendor Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2021-29997
Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*

Версия от 7.0 (включая) до 21.03 (исключая)

EPSS

Процентиль: 33%

0.00127

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-6xmx-h98x-6vxg

github

больше 3 лет назад

XML External Entity Resolution (XXE) in Helix ALM. The XML Import functionality of the Administration console in Perforce Helix ALM 2020.3.1 Build 22 accepts XML input data that is parsed by insecurely configured software components, leading to XXE attacks.