CVE-2021-3570

2021-07-0500:00:00

ubuntu.com

linuxptp

ptp4l program

information leak

remote code execution

vulnerability

data confidentiality

data integrity

system availability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:P/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.012

Percentile

85.3%

JSON

A flaw was found in the ptp4l program of the linuxptp package. A missing
length check when forwarding a PTP message between ports allows a remote
attacker to cause an information leak, crash, or potentially remote code
execution. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability. This flaw
affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before
1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlinuxptp< 1.8-1ubuntu0.1UNKNOWN
ubuntu20.04noarchlinuxptp< 1.9.2-1ubuntu0.1UNKNOWN
ubuntu16.04noarchlinuxptp< 1.6-1ubuntu0.1~esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	linuxptp	< 1.8-1ubuntu0.1	UNKNOWN
ubuntu	20.04	noarch	linuxptp	< 1.9.2-1ubuntu0.1	UNKNOWN
ubuntu	16.04	noarch	linuxptp	< 1.6-1ubuntu0.1~esm1	UNKNOWN