Vulnerabilities > CVE-2021-3700 - Use After Free vulnerability in multiple products

A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.

Vulnerable Configurations

Part	Description	Count
Application	Spice-Space Spice Space Usbredir *	1
OS	Redhat Redhat Enterprise Linux 7.0 Redhat Enterprise Linux 6.0 Redhat Enterprise Linux 8.0	3
OS	Fedoraproject Fedoraproject Fedora 34	1
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://bugzilla.redhat.com/show_bug.cgi?id=1992830
https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba
https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html