CVE-2021-3700Use After Free in Usbredir

CWE-416Use After Free8 documents8 sources
Severity
6.4MEDIUMNVD
EPSS
0.0%
top 87.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Spice-space UsbredirDebian LinuxFedoraproject Fedora+1 more
Timeline
PublishedFeb 24
Latest updateJan 3

Description

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages3 packages

NVDspice-space/usbredir< 0.11.0
Debianspice-space/usbredir< 0.11.0-1+2
CVEListV5spice-space/usbredirusbredir 0.11.0

Also affects: Debian Linux 9.0, Fedora 34, Enterprise Linux 6.0, 7.0, 8.0

Patches

Patch: bugzilla.redhat.comPatch: gitlab.freedesktop.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-9885-wxqj-48q7: A use-after-free vulnerability was found in usbredir in versions prior to 02022-02-25
OSV
CVE-2021-3700: A use-after-free vulnerability was found in usbredir in versions prior to 02022-02-24
CVEList
CVE-2021-3700: A use-after-free vulnerability was found in usbredir in versions prior to 02022-02-24

📋Vendor Advisories

4
Ubuntu
usbredir vulnerability2023-01-03
Microsoft
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts 2022-02-08
Red Hat
usbredir: use-after-free in usbredirparser_serialize() in usbredirparser/usbredirparser.c2021-08-08
Debian
CVE-2021-3700: usbredir - A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0...2021
CVE-2021-3700 — Use After Free in Spice-space Usbredir | cvebase