CVE-2021-3655

Опубликовано: 05 авг. 2021

Источник: nvd

CVSS3: 3.3

CVSS2: 2.1

EPSS Низкий

Описание

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=1984024
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1984024
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия до 5.14 (исключая)

cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00023

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-909

CWE-20

Связанные уязвимости

CVE-2021-3655

CVSS3: 3.3

ubuntu

больше 4 лет назад

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

CVE-2021-3655

CVSS3: 3.3

redhat

больше 4 лет назад

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

CVE-2021-3655

CVSS3: 3.3

msrc

больше 4 лет назад

A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

CVE-2021-3655

CVSS3: 3.3

debian

больше 4 лет назад

A vulnerability was found in the Linux kernel in versions prior to v5. ...

GHSA-2r5v-rg6v-8xg5

CVSS3: 3.3

github

больше 3 лет назад

A vulnerability was found in the Linux kernel in versions before v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory.

EPSS

Процентиль: 5%

0.00023

Низкий

3.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-909

CWE-20