CVE-2021-3700 - OpenCVE

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Spice-space	Usbredir
Redhat	Enterprise Linux
Debian	Debian Linux
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:spice-space:usbredir:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*

Configuration 3 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1992830	Issue Tracking Patch Third Party Advisory
https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2022-02-24T18:50:17

Updated: 2022-03-21T02:06:18

Reserved: 2021-08-11T00:00:00

Link: CVE-2021-3700

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-24T19:15:09.260

Modified: 2022-04-25T20:47:05.690

Link: CVE-2021-3700

JSON object: View

Redhat Information

No data.

CWE

CWE-416

{"containers": {"cna": {"affected": [{"product": "usbredir", "vendor": "n/a", "versions": [{"status": "affected", "version": "usbredir 0.11.0"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-03-21T02:06:18", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992830"}, {"tags": ["x_refsource_MISC"], "url": "https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba"}, {"name": "[debian-lts-announce] 20220320 [SECURITY] [DLA 2958-1] usbredir security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "usbredir", "version": {"version_data": [{"version_value": "usbredir 0.11.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-416"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1992830", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992830"}, {"name": "https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba", "refsource": "MISC", "url": "https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba"}, {"name": "[debian-lts-announce] 20220320 [SECURITY] [DLA 2958-1] usbredir security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3700", "datePublished": "2022-02-24T18:50:17", "dateReserved": "2021-08-11T00:00:00", "dateUpdated": "2022-03-21T02:06:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:spice-space:usbredir:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7C154B8-B9BA-457A-84FE-ADC67AA7B024", "versionEndExcluding": "0.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de uso de memoria previamente liberada en usbredir en versiones anteriores a 0.11.0, en la funci\u00f3n usbredirparser_serialize() en el archivo usbredirparser/usbredirparser.c. Este problema es producido cuando son serializados grandes cantidades de datos de escritura en b\u00fafer en el caso de un destino lento o bloqueado"}], "id": "CVE-2021-3700", "lastModified": "2022-04-25T20:47:05.690", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-24T19:15:09.260", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992830"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "secalert@redhat.com", "type": "Secondary"}]}