{"api_version":"1","generated_at":"2026-04-23T04:20:41+00:00","cve":"CVE-2021-3571","urls":{"html":"https://cve.report/CVE-2021-3571","api":"https://cve.report/api/cve/CVE-2021-3571.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-3571","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-3571"},"summary":{"title":"CVE-2021-3571","description":"A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2021-07-09 11:15:00","updated_at":"2023-11-07 03:38:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/","name":"FEDORA-2021-a5b584004c","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966241","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1966241","refsource":"MISC","tags":[],"title":"1966241 – (CVE-2021-3571) CVE-2021-3571 linuxptp: wrong length of one-step follow-up in transparent clock","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/","name":"FEDORA-2021-a5b584004c","refsource":"","tags":[],"title":"[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/","name":"FEDORA-2021-1b42c2f458","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/","name":"FEDORA-2021-1b42c2f458","refsource":"","tags":[],"title":"[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-3571","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3571","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"3571","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"33","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3571","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"34","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3571","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"linuxptp_project","cpe5":"linuxptp","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"3571","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"-","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-3571","qid":"159487","title":"Oracle Enterprise Linux Security Update for linuxptp (ELSA-2021-4321)"},{"cve":"CVE-2021-3571","qid":"180503","title":"Debian Security Update for linuxptp (CVE-2021-3571)"},{"cve":"CVE-2021-3571","qid":"239849","title":"Red Hat Update for linuxptp security (RHSA-2021:4321)"},{"cve":"CVE-2021-3571","qid":"281725","title":"Fedora Security Update for linuxptp (FEDORA-2021-1b42c2f458)"},{"cve":"CVE-2021-3571","qid":"281726","title":"Fedora Security Update for linuxptp (FEDORA-2021-a5b584004c)"},{"cve":"CVE-2021-3571","qid":"352838","title":"Amazon Linux Security Advisory for linuxptp: ALAS2-2021-1705"},{"cve":"CVE-2021-3571","qid":"670715","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2473)"},{"cve":"CVE-2021-3571","qid":"670922","title":"EulerOS Security Update for linuxptp (EulerOS-SA-2021-2473)"},{"cve":"CVE-2021-3571","qid":"901271","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for linuxptp (7283)"},{"cve":"CVE-2021-3571","qid":"940039","title":"AlmaLinux Security Update for linuxptp (ALSA-2021:4321)"},{"cve":"CVE-2021-3571","qid":"960095","title":"Rocky Linux Security Update for linuxptp (RLSA-2021:4321)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-3571","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"linuxptp","version":{"version_data":[{"version_value":"linuxptp 3.1.1, linuxptp 2.0.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-119"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1966241","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1966241"},{"refsource":"FEDORA","name":"FEDORA-2021-1b42c2f458","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VUBKTRCMJ6VKS7DIBSZQB4ATSKVCJYXJ/"},{"refsource":"FEDORA","name":"FEDORA-2021-a5b584004c","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RHRUVSDP673LXJ5HGIPQPWPIYUPWYQA7/"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1."}]}},"nvd":{"publishedDate":"2021-07-09 11:15:00","lastModifiedDate":"2023-11-07 03:38:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.2},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0","versionEndExcluding":"3.1.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"3571","Ordinal":"209222","Title":"CVE-2021-3571","CVE":"CVE-2021-3571","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"3571","Ordinal":"1","NoteData":"A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to data confidentiality and system availability. This flaw affects linuxptp versions before 3.1.1 and before 2.0.1.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"3571","Ordinal":"2","NoteData":"2021-07-09","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"3571","Ordinal":"3","NoteData":"2021-07-16","Type":"Other","Title":"Modified"}]}}}