{"id":"CVE-2021-3570","details":"A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.","modified":"2026-05-28T04:04:19.114391556Z","published":"2021-07-09T11:15:08.723Z","related":["SUSE-SU-2021:2443-1","SUSE-SU-2021:2472-1","SUSE-SU-2021:2545-1","SUSE-SU-2021:3202-1","openSUSE-SU-2021:1102-1","openSUSE-SU-2021:3202-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_STRING","vendor_product":"debian:debian_linux","extracted_events":[{"last_affected":"10.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"33"},{"last_affected":"34"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"redhat:enterprise_linux","extracted_events":[{"last_affected":"6.0"},{"last_affected":"7.0"},{"last_affected":"8.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"redhat:enterprise_linux_aus","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"redhat:enterprise_linux_eus","extracted_events":[{"last_affected":"8.1"},{"last_affected":"8.2"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"]},{"source":"CPE_STRING","vendor_product":"redhat:enterprise_linux_tus","extracted_events":[{"last_affected":"8.2"},{"last_affected":"8.4"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*"]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4938"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966240"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/richardcochran/linuxptp","events":[{"introduced":"0"},{"fixed":"f0db5a45e6ead83eff6a869abbe6260914a73cc4"},{"fixed":"4af0e62181d49b0ff2b4c6a3fd9df0070b6febbb"},{"fixed":"766efe61eeba4300548417d10019fa4b0c72713c"},{"fixed":"8a3c90666e7c84eb51b2d2631ce25b7eece341e5"},{"fixed":"29f5dbad499afaa2c6ace73a14d9c22ebdb9ac64"},{"fixed":"785bb70509d407404530060c1abe9f04e9275078"},{"fixed":"6feb76186ac39eab2fc011053f1cf46bfc94c8e4"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"1.5.1"},{"introduced":"1.6.0"},{"fixed":"1.6.1"},{"introduced":"1.7.0"},{"fixed":"1.7.1"},{"introduced":"1.8.0"},{"fixed":"1.8.1"},{"introduced":"1.9.0"},{"fixed":"1.9.3"},{"introduced":"2.0.0"},{"fixed":"2.0.1"},{"introduced":"3.0.0"},{"fixed":"3.1.1"}],"cpe":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*"}}],"versions":["v3.1","v1.7","v1.6","v1.5","v2.0","v1.8","v1.9.2","v3.0","v1.4","v1.3","v1.2","v1.1","v1.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3570.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}