{"id":"CVE-2021-47244","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in mptcp (mptcp_get_options) could read one byte\nout of bounds. When the length is 1, the execution flow gets into the\nloop, reads one byte of the opcode, and if the opcode is neither\nTCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the\nlength of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").","modified":"2026-03-13T05:19:24.584459Z","published":"2024-05-21T15:15:13.477Z","references":[{"type":"FIX","url":"https://git.kernel.org/stable/c/07718be265680dcf496347d475ce1a5442f55ad7"},{"type":"FIX","url":"https://git.kernel.org/stable/c/73eeba71dc9932970befa009e68272a3d5ec4a58"},{"type":"FIX","url":"https://git.kernel.org/stable/c/76e02b8905d0691e89e104a882f3bba7dd0f6037"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-47244.json","unresolved_ranges":[{"events":[{"introduced":"5.6"},{"fixed":"5.10.46"}]},{"events":[{"introduced":"5.11"},{"fixed":"5.12.13"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc2"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc3"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc4"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc5"}]},{"events":[{"introduced":"0"},{"last_affected":"5.13-rc6"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}