CVE-2021-44479

Опубликовано: 01 дек. 2021

Источник: nvd

CVSS3: 6.1

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

Ссылки

https://github.com/Xen1thLabs-AE/CVE-2021-40154
Third Party Advisory
https://www.darkmatter.ae/xen1thlabs/published-advisories/
Broken Link
Third Party Advisory
https://github.com/Xen1thLabs-AE/CVE-2021-40154
Third Party Advisory
https://www.darkmatter.ae/xen1thlabs/published-advisories/
Broken Link
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:nxp:kinetis_k82_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:kinetis_k82:-:*:*:*:*:*:*:*

EPSS

Процентиль: 32%

0.00125

Низкий

6.1 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-vvcf-vw9f-7qr5

github

около 4 лет назад

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.

EPSS

Процентиль: 32%

0.00125

Низкий

6.1 Medium

CVSS3

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-125