Vulnerability Description
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0, in the usbredirparser_serialize() function in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spice-Space | Usbredir | < 0.11.0 |
| Redhat | Enterprise Linux | 6.0 |
| Fedoraproject | Fedora | 34 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1992830 (Issue Tracking, Patch, Third Party Advisory)
- https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba (Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html (Mailing List, Third Party Advisory)
FAQ
What is CVE-2021-3700?
CVE-2021-3700 is a vulnerability with a CVSS score of 6.4 (MEDIUM). A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts ...
How severe is CVE-2021-3700?
CVE-2021-3700 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3700?
Check the references section above for vendor advisories and patch information. Affected products include: Spice-Space Usbredir, Redhat Enterprise Linux, Fedoraproject Fedora, Debian Debian Linux.