Common Weakness Enumeration

CWE-824

Allowed

Access of Uninitialized Pointer

Abstraction: Base · Status: Incomplete

The product accesses or uses a pointer that has not been initialized.

451 vulnerabilities reference this CWE, most recent first.

CVE-2021-26093 (GCVE-0-2021-26093)

Vulnerability from cvelistv5 – Published: 2024-12-19 07:47 – Updated: 2024-12-20 17:41
VLAI
Summary
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Fortinet FortiWLC Affected: 8.6.0
Affected: 8.5.0 , ≤ 8.5.3 (semver)
Affected: 8.4.4 , ≤ 8.4.8 (semver)
Affected: 8.4.0 , ≤ 8.4.2 (semver)
Affected: 8.3.0 , ≤ 8.3.3 (semver)
Affected: 8.2.4 , ≤ 8.2.7 (semver)
Affected: 8.1.2 , ≤ 8.1.3 (semver)
Affected: 8.0.6
    cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-26093",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-20T16:45:09.690266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-20T17:41:17.833Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:fortinet:fortiwlc:8.6.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.5.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.8:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.4.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.3.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.3.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.3.1:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.3.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.2.7:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.2.6:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.2.5:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.2.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.1.3:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.1.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:fortinet:fortiwlc:8.0.6:*:*:*:*:*:*:*"
          ],
          "defaultStatus": "unaffected",
          "product": "FortiWLC",
          "vendor": "Fortinet",
          "versions": [
            {
              "status": "affected",
              "version": "8.6.0"
            },
            {
              "lessThanOrEqual": "8.5.3",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.8",
              "status": "affected",
              "version": "8.4.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.2",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.3.3",
              "status": "affected",
              "version": "8.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.2.7",
              "status": "affected",
              "version": "8.2.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.1.3",
              "status": "affected",
              "version": "8.1.2",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "8.0.6"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An access of uninitialized pointer (CWE-824) vulnerability\u00a0in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point\u00a0being managed by the controller by executing a crafted CLI command."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H/E:P/RL:X/RC:R",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "Denial of service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T07:47:44.394Z",
        "orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
        "shortName": "fortinet"
      },
      "references": [
        {
          "name": "https://fortiguard.com/psirt/FG-IR-21-002",
          "url": "https://fortiguard.com/psirt/FG-IR-21-002"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Please upgrade to FortiWLC version 8.6.3 or above."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
    "assignerShortName": "fortinet",
    "cveId": "CVE-2021-26093",
    "datePublished": "2024-12-19T07:47:44.394Z",
    "dateReserved": "2021-01-25T14:47:15.093Z",
    "dateUpdated": "2024-12-20T17:41:17.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22758 (GCVE-0-2021-22758)

Vulnerability from cvelistv5 – Published: 2021-06-11 15:40 – Updated: 2024-08-03 18:51
VLAI
Summary
A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition.
Severity
No CVSS data available.
CWE
  • CWE-824 - Access of uninitialized pointer
Assigner
References
Impacted products
Vendor Product Version
n/a IGSS Definition (Def.exe) V15.0.0.21140 and prior Affected: IGSS Definition (Def.exe) V15.0.0.21140 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824: Access of uninitialized pointer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-11T15:40:46.000Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@schneider-electric.com",
          "ID": "CVE-2021-22758",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IGSS Definition (Def.exe) V15.0.0.21140 and prior",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "IGSS Definition (Def.exe) V15.0.0.21140 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CWE-824: Access of uninitialized pointer vulnerability exists inIGSS Definition (Def.exe) V15.0.0.21140 and prior that could result in loss of data or remote code execution due to lack validation of user-supplied input data, when a malicious CGF file is imported to IGSS Definition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-824: Access of uninitialized pointer"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01",
              "refsource": "MISC",
              "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2021-22758",
    "datePublished": "2021-06-11T15:40:46.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:51:07.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22670 (GCVE-0-2021-22670)

Vulnerability from cvelistv5 – Published: 2021-03-03 16:04 – Updated: 2024-08-03 18:51
VLAI
Summary
An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution.
Severity
No CVSS data available.
CWE
  • CWE-824 - ACCESS OF UNINITIALIZED POINTER CWE-824
Assigner
References
Impacted products
Vendor Product Version
n/a Fatek FvDesigner Affected: Version 1.5.76 and prior
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.194Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Fatek FvDesigner",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.5.76 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "ACCESS OF UNINITIALIZED POINTER CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-03T16:04:33.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Fatek FvDesigner",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Version 1.5.76 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An uninitialized pointer may be exploited in Fatek FvDesigner Version 1.5.76 and prior while the application is processing project files, allowing an attacker to craft a special project file that may permit arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "ACCESS OF UNINITIALIZED POINTER CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-056-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22670",
    "datePublished": "2021-03-03T16:04:33.000Z",
    "dateReserved": "2021-01-05T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:51:07.194Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22639 (GCVE-0-2021-22639)

Vulnerability from cvelistv5 – Published: 2021-01-27 19:05 – Updated: 2024-08-03 18:44
VLAI
Summary
An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0).
Severity
No CVSS data available.
CWE
  • CWE-824 - ACCESS OF UNINITIALIZED POINTER CWE-824
Assigner
Impacted products
Vendor Product Version
n/a Tellus Lite V-Simulator and V-Server Lite Affected: Versions prior to 4.0.10.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:14.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-098/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Tellus Lite V-Simulator and V-Server Lite",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 4.0.10.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "ACCESS OF UNINITIALIZED POINTER CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-29T07:06:35.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-098/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-22639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Tellus Lite V-Simulator and V-Server Lite",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 4.0.10.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An uninitialized pointer issue has been identified in the way the application processes project files, allowing an attacker to craft a special project file that may allow arbitrary code execution on the Tellus Lite V-Simulator and V-Server Lite (versions prior to 4.0.10.0)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "ACCESS OF UNINITIALIZED POINTER CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-026-01"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-098/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-098/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-22639",
    "datePublished": "2021-01-27T19:05:19.000Z",
    "dateReserved": "2021-01-05T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:44:14.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3608 (GCVE-0-2021-3608)

Vulnerability from cvelistv5 – Published: 2022-02-24 18:50 – Updated: 2024-08-03 17:01
VLAI
Summary
A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a "PVRDMA_REG_DSRHIGH" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: qemu-kvm 6.1.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
          },
          {
            "name": "GLSA-202208-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-27"
          },
          {
            "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "qemu-kvm 6.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-05T05:06:18.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
        },
        {
          "name": "GLSA-202208-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-27"
        },
        {
          "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3608",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "QEMU",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "qemu-kvm 6.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the QEMU implementation of VMWare\u0027s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a \"PVRDMA_REG_DSRHIGH\" write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1973383"
            },
            {
              "name": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html",
              "refsource": "MISC",
              "url": "https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg07926.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220318-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220318-0002/"
            },
            {
              "name": "GLSA-202208-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-27"
            },
            {
              "name": "[debian-lts-announce] 20220905 [SECURITY] [DLA 3099-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00008.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3608",
    "datePublished": "2022-02-24T18:50:20.000Z",
    "dateReserved": "2021-06-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:08.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3595 (GCVE-0-2021-3595)

Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: libslirp 4.6.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970489"
          },
          {
            "name": "FEDORA-2021-71de23bedd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
          },
          {
            "name": "FEDORA-2021-7cd749f133",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
          },
          {
            "name": "GLSA-202107-44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-44"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
          },
          {
            "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libslirp 4.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027tftp_t\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970489"
        },
        {
          "name": "FEDORA-2021-71de23bedd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
        },
        {
          "name": "FEDORA-2021-7cd749f133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
        },
        {
          "name": "GLSA-202107-44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-44"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
        },
        {
          "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3595",
    "datePublished": "2021-06-15T00:00:00.000Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.535Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3594 (GCVE-0-2021-3594)

Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: libslirp 4.6.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970491"
          },
          {
            "name": "FEDORA-2021-71de23bedd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
          },
          {
            "name": "FEDORA-2021-7cd749f133",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
          },
          {
            "name": "GLSA-202107-44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-44"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
          },
          {
            "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libslirp 4.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970491"
        },
        {
          "name": "FEDORA-2021-71de23bedd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
        },
        {
          "name": "FEDORA-2021-7cd749f133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
        },
        {
          "name": "GLSA-202107-44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-44"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
        },
        {
          "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3594",
    "datePublished": "2021-06-15T00:00:00.000Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3593 (GCVE-0-2021-3593)

Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: libslirp 4.6.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:07.949Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970487"
          },
          {
            "name": "FEDORA-2021-71de23bedd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
          },
          {
            "name": "FEDORA-2021-7cd749f133",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
          },
          {
            "name": "GLSA-202107-44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-44"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
          },
          {
            "name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
          },
          {
            "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libslirp 4.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027udphdr\u0027 structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970487"
        },
        {
          "name": "FEDORA-2021-71de23bedd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
        },
        {
          "name": "FEDORA-2021-7cd749f133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
        },
        {
          "name": "GLSA-202107-44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-44"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
        },
        {
          "name": "[debian-lts-announce] 20220404 [SECURITY] [DLA 2970-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00002.html"
        },
        {
          "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3593",
    "datePublished": "2021-06-15T00:00:00.000Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:07.949Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3592 (GCVE-0-2021-3592)

Vulnerability from cvelistv5 – Published: 2021-06-15 00:00 – Updated: 2024-08-03 17:01
VLAI
Summary
An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.
Severity
No CVSS data available.
CWE
Assigner
Impacted products
Vendor Product Version
n/a QEMU Affected: libslirp 4.6.0
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:06.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970484"
          },
          {
            "name": "FEDORA-2021-71de23bedd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
          },
          {
            "name": "FEDORA-2021-7cd749f133",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
          },
          {
            "name": "GLSA-202107-44",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-44"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
          },
          {
            "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
          },
          {
            "name": "[debian-lts-announce] 20210911 [SECURITY] [DLA 2753-2] qemu regression update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "QEMU",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "libslirp 4.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the \u0027bootp_t\u0027 structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970484"
        },
        {
          "name": "FEDORA-2021-71de23bedd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GCKWZWY64EHTOQMLVLTSZ4AA27EWRJMH/"
        },
        {
          "name": "FEDORA-2021-7cd749f133",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGPQZFVJCFGDSISFXPCQTTBBD7QZLJKI/"
        },
        {
          "name": "GLSA-202107-44",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-44"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210805-0004/"
        },
        {
          "name": "[debian-lts-announce] 20210902 [SECURITY] [DLA 2753-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00000.html"
        },
        {
          "name": "[debian-lts-announce] 20210911 [SECURITY] [DLA 2753-2] qemu regression update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20230314 [SECURITY] [DLA 3362-1] qemu security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3592",
    "datePublished": "2021-06-15T00:00:00.000Z",
    "dateReserved": "2021-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:01:06.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-1619 (GCVE-0-2021-1619)

Vulnerability from cvelistv5 – Published: 2021-09-23 02:30 – Updated: 2024-11-07 21:57
VLAI
Title
Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability
Summary
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Date Public
2021-09-22 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:11.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20210922 Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:55:52.696954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:57:46.001Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2021-09-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-824",
              "description": "CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-23T02:30:55.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20210922 Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q"
        }
      ],
      "source": {
        "advisory": "cisco-sa-aaa-Yx47ZT8Q",
        "defect": [
          [
            "CSCvt53563"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2021-09-22T16:00:00",
          "ID": "CVE-2021-1619",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IOS XE Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, or delete the configuration of an affected device Cause memory corruption that results in a denial of service (DoS) on an affected device This vulnerability is due to an uninitialized variable. An attacker could exploit this vulnerability by sending a series of NETCONF or RESTCONF requests to an affected device. A successful exploit could allow the attacker to use NETCONF or RESTCONF to install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting a DoS."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-824"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210922 Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-aaa-Yx47ZT8Q",
          "defect": [
            [
              "CSCvt53563"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2021-1619",
    "datePublished": "2021-09-23T02:30:56.078Z",
    "dateReserved": "2020-11-13T00:00:00.000Z",
    "dateUpdated": "2024-11-07T21:57:46.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.