exploitDog

CVE-2021-3861

Опубликовано: 07 фев. 2022

Источник: nvd

CVSS3: 8.2

CVSS3: 6.8

CVSS2: 7.2

EPSS Низкий

Описание

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj

Ссылки

http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
Exploit
Third Party Advisory
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

Версия от 2.6.0 (включая) до 2.7.1 (включая)

EPSS

Процентиль: 15%

0.00049

Низкий

8.2 High

CVSS3

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-122

CWE-787

Связанные уязвимости

CVE-2021-3861

CVSS3: 8.2

ubuntu

около 4 лет назад

The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj

EPSS

Процентиль: 15%

0.00049

Низкий

8.2 High

CVSS3

6.8 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-122

CWE-787