{"api_version":"1","generated_at":"2026-04-23T00:40:08+00:00","cve":"CVE-2021-3570","urls":{"html":"https://cve.report/CVE-2021-3570","api":"https://cve.report/api/cve/CVE-2021-3570.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3570","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3570"},"summary":{"title":"CVE-2021-3570","description":"A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-07-09 11:15:00","updated_at":"2023-11-07 03:38:00"},"problem_types":["CWE-787"],"metrics":[],"references":[{"url":"https://www.debian.org/security/2021/dsa-4938","name":"DSA-4938","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4938-1 linuxptp","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/","name":"FEDORA-2021-a5b584004c","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html","name":"[debian-lts-announce] 20210731 [SECURITY] [DLA 2723-1] linuxptp security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2723-1] linuxptp security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966240","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1966240","refsource":"MISC","tags":[],"title":"1966240 – (CVE-2021-3570) CVE-2021-3570 linuxptp: missing length check of forwarded messages","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/","name":"FEDORA-2021-a5b584004c","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/","name":"FEDORA-2021-1b42c2f458","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/","name":"FEDORA-2021-1b42c2f458","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3570","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3570","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linuxptp_project","cpe5":"linuxptp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_aus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_aus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_eus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_tus","cpe6":"8.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3570","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux_tus","cpe6":"8.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3570","qid":"159299","title":"Oracle Enterprise Linux Security Update for linuxptp (ELSA-2021-2658)"},{"cve":"CVE-2021-3570","qid":"159300","title":"Oracle Enterprise Linux Security Update for linuxptp (ELSA-2021-2660)"},{"cve":"CVE-2021-3570","qid":"178704","title":"Debian Security Update for linuxptp (DSA 4938-1)"},{"cve":"CVE-2021-3570","qid":"178732","title":"Debian Security Update for linuxptp (DLA 2723-1)"},{"cve":"CVE-2021-3570","qid":"179940","title":"Debian Security Update for linuxptp (CVE-2021-3570)"},{"cve":"CVE-2021-3570","qid":"199369","title":"Ubuntu Security Notification for Linux PTP Vulnerability (USN-6097-1)"},{"cve":"CVE-2021-3570","qid":"239486","title":"Red Hat Update for linuxptp (RHSA-2021:2660)"},{"cve":"CVE-2021-3570","qid":"239487","title":"Red Hat Update for linuxptp (RHSA-2021:2659)"},{"cve":"CVE-2021-3570","qid":"239488","title":"Red Hat Update for linuxptp (RHSA-2021:2658)"},{"cve":"CVE-2021-3570","qid":"239489","title":"Red Hat Update for linuxptp (RHSA-2021:2657)"},{"cve":"CVE-2021-3570","qid":"257096","title":"CentOS Security Update for linuxptp (CESA-2021:2658)"},{"cve":"CVE-2021-3570","qid":"281725","title":"Fedora Security Update for linuxptp (FEDORA-2021-1b42c2f458)"},{"cve":"CVE-2021-3570","qid":"281726","title":"Fedora Security Update for linuxptp (FEDORA-2021-a5b584004c)"},{"cve":"CVE-2021-3570","qid":"352502","title":"Amazon Linux Security Advisory for linuxptp: ALAS2-2021-1697"},{"cve":"CVE-2021-3570","qid":"376999","title":"Alibaba Cloud Linux Security Update for linuxptp (ALINUX2-SA-2021:0042)"},{"cve":"CVE-2021-3570","qid":"377099","title":"Alibaba Cloud Linux Security Update for linuxptp (ALINUX3-SA-2021:0050)"},{"cve":"CVE-2021-3570","qid":"670715","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2473)"},{"cve":"CVE-2021-3570","qid":"670751","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2509)"},{"cve":"CVE-2021-3570","qid":"670922","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2473)"},{"cve":"CVE-2021-3570","qid":"670964","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2596)"},{"cve":"CVE-2021-3570","qid":"750871","title":"SUSE Enterprise Linux Security Update for linuxptp (SUSE-SU-2021:2443-1)"},{"cve":"CVE-2021-3570","qid":"750896","title":"SUSE Enterprise Linux Security Update for linuxptp (SUSE-SU-2021:2472-1)"},{"cve":"CVE-2021-3570","qid":"750902","title":"SUSE Enterprise Linux Security Update for linuxptp (SUSE-SU-2021:2545-1)"},{"cve":"CVE-2021-3570","qid":"750942","title":"OpenSUSE Security Update for linuxptp (openSUSE-SU-2021:1102-1)"},{"cve":"CVE-2021-3570","qid":"751173","title":"OpenSUSE Security Update for linuxptp (openSUSE-SU-2021:3202-1)"},{"cve":"CVE-2021-3570","qid":"940258","title":"AlmaLinux Security Update for linuxptp (ALSA-2021:2660)"},{"cve":"CVE-2021-3570","qid":"960038","title":"Rocky Linux Security Update for linuxptp (RLSA-2021:2660)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3570","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"linuxptp","version":{"version_data":[{"version_value":"linuxptp 3.1.1, linuxptp 2.0.1, linuxptp 1.9.3, linuxptp 1.8.1, linuxptp 1.7.1, linuxptp 1.6.1, linuxptp 1.5.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1966240","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966240"},{"refsource":"DEBIAN","name":"DSA-4938","url":"https://www.debian.org/security/2021/dsa-4938"},{"refsource":"FEDORA","name":"FEDORA-2021-1b42c2f458","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/"},{"refsource":"FEDORA","name":"FEDORA-2021-a5b584004c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/"},{"refsource":"MLIST","name":"[debian-lts-announce] 20210731 [SECURITY] [DLA 2723-1] linuxptp security update","url":"https://lists.debian.org/debian-lts-announce/2021/07/msg00025.html"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1."}]}},"nvd":{"publishedDate":"2021-07-09 11:15:00","lastModifiedDate":"2023-11-07 03:38:00","problem_types":["CWE-787"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.8,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:C","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE","baseScore":8},"severity":"HIGH","exploitabilityScore":8,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.9.3","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"1.6.0","versionEndExcluding":"1.6.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"1.7.0","versionEndExcluding":"1.7.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3570","Ordinal":"209221","Title":"CVE-2021-3570","CVE":"CVE-2021-3570","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3570","Ordinal":"1","NoteData":"A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3570","Ordinal":"2","NoteData":"2021-07-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3570","Ordinal":"3","NoteData":"2021-07-30","Type":"Other","Title":"Modified"}]}}}