CVE-2021-3323 - OpenCVE

Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Zephyrproject	Zephyr

Configuration 1 [-]

cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*

References

Link	Resource
http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: zephyr

Published: 2021-04-14T00:00:00

Updated: 2021-10-12T21:50:16

Reserved: 2021-01-27T00:00:00

Link: CVE-2021-3323

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-12T22:15:08.093

Modified: 2021-10-18T18:05:18.787

Link: CVE-2021-3323

JSON object: View

Redhat Information

No data.

CWE

CWE-191

{"containers": {"cna": {"affected": [{"product": "zephyr", "vendor": "zephyrproject-rtos", "versions": [{"lessThan": "unspecified", "status": "affected", "version": ">=2.4.0", "versionType": "custom"}]}], "datePublic": "2021-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "Integer Underflow (Wrap or Wraparound) (CWE-191)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-12T21:50:16", "orgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "shortName": "zephyr"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}], "source": {"defect": ["https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"]}, "title": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerabilities@zephyrproject.org", "DATE_PUBLIC": "2021-04-14T00:00:00.000Z", "ID": "CVE-2021-3323", "STATE": "PUBLIC", "TITLE": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zephyr", "version": {"version_data": [{"version_affected": ">=", "version_value": ">=2.4.0"}]}}]}, "vendor_name": "zephyrproject-rtos"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "environmentalScore": 8.3, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "temporalScore": 8.3, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Integer Underflow (Wrap or Wraparound) (CWE-191)"}]}]}, "references": {"reference_data": [{"name": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc", "refsource": "MISC", "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}]}, "source": {"defect": ["https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"]}}}}, "cveMetadata": {"assignerOrgId": "e2e69745-5e70-4e92-8431-deb5529a81ad", "assignerShortName": "zephyr", "cveId": "CVE-2021-3323", "datePublished": "2021-04-14T00:00:00", "dateReserved": "2021-01-27T00:00:00", "dateUpdated": "2021-10-12T21:50:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1F24C66-0DD5-4759-9E12-AA3F180EE6ED", "versionEndExcluding": "2.5.0", "versionStartIncluding": "2.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Integer Underflow in 6LoWPAN IPHC Header Uncompression in Zephyr. Zephyr versions >= >=2.4.0 contain Integer Underflow (Wrap or Wraparound) (CWE-191). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}, {"lang": "es", "value": "Un Desbordamiento de Enteros en la Descompresi\u00f3n del Encabezado IPHC de 6LoWPAN en Zephyr. Zephyr versiones posteriores a 2.4.0 incluy\u00e9ndola, contiene un desbordamiento de enteros (Wrap o Wraparound) (CWE-191). Para m\u00e1s informaci\u00f3n, consulte https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}], "id": "CVE-2021-3323", "lastModified": "2021-10-18T18:05:18.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.7, "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}, "published": "2021-10-12T22:15:08.093", "references": [{"source": "vulnerabilities@zephyrproject.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-89j6-qpxf-pfpc"}], "sourceIdentifier": "vulnerabilities@zephyrproject.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-191"}], "source": "vulnerabilities@zephyrproject.org", "type": "Secondary"}]}