CVE-2021-3522 — MEDIUM (5.5)

Q: What is CVE-2021-3522?

CVE-2021-3522 is a vulnerability with a CVSS score of 5.5 (MEDIUM). GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

Q: How severe is CVE-2021-3522?

CVE-2021-3522 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-3522?

Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Gstreamer, Netapp Active Iq Unified Manager, Netapp E-Series Santricity Os Controller, Netapp E-Series Santricity Storage Manager, Netapp E-Series Santricity Web Services.

Vulnerability Description

GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gstreamer	Gstreamer	< 1.18.4
Netapp	Active Iq Unified Manager	-
Netapp	E-Series Santricity Os Controller	>= 11.0.0, <= 11.70.1
Netapp	E-Series Santricity Storage Manager	-
Netapp	E-Series Santricity Web Services	-
Netapp	Hci Management Node	-
Netapp	Oncommand Insight	-
Netapp	Oncommand Workflow Automation	-
Netapp	Santricity Unified Manager	-
Netapp	Snapmanager	-
Netapp	Solidfire	-
Oracle	Openjdk	8

Related Weaknesses (CWE)

CWE-125

References

https://bugzilla.redhat.com/show_bug.cgi?id=1954761Issue TrackingThird Party Advisory
https://security.gentoo.org/glsa/202208-31Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0004/Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1954761Issue TrackingThird Party Advisory
https://security.gentoo.org/glsa/202208-31Third Party Advisory
https://security.netapp.com/advisory/ntap-20211022-0004/Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory

FAQ

What is CVE-2021-3522?

CVE-2021-3522 is a vulnerability with a CVSS score of 5.5 (MEDIUM). GStreamer before 1.18.4 may perform an out-of-bounds read when handling certain ID3v2 tags.

How severe is CVE-2021-3522?

CVE-2021-3522 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3522?

Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Gstreamer, Netapp Active Iq Unified Manager, Netapp E-Series Santricity Os Controller, Netapp E-Series Santricity Storage Manager, Netapp E-Series Santricity Web Services.