CVE-2021-3700 - Use After Free vulnerability in multiple products
- Attack vector: LOCAL
- Attack complexity: HIGH
- Privileges required: HIGH
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
A use-after-free vulnerability was found in usbredir versions prior to 0.11.0, in the usbredirparser_serialize() function in usbredirparser/usbredirparser.c. The issue occurs when serializing large amounts of buffered write data while the destination is slow or blocked.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 3 |
OS | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1992830
- https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba
- https://lists.debian.org/debian-lts-announce/2022/03/msg00030.html