CVE-2021-3570
linuxptp - security update
CVSS 3.1: 8.8 (HIGH)
EPSS 5.4%
Description
A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.
How to fix CVE-2021-3570
To remediate CVE-2021-3570, upgrade the affected package to a fixed version below.
- Upgrade to 3.1-2.1 or later
- Upgrade to 1.8-1+deb9u1 or later
- Upgrade to 1.9.2-1+deb10u1 or later
Is CVE-2021-3570 being exploited?
Moderate — EPSS is 5.4%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 3.1-2.1
- from 0, < 1.8-1+deb9u1
- from 0, < 1.9.2-1+deb10u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |