CVE-2021-43267

Description from NVD

An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type.

Information Acquisition Date:2022-02-16T14:42Z

CVSS 2.0: 7.5 HIGH CVSS 3.x: 9.8 CRITICAL

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:N/AC:L/Au:N/C:P/I:P/A:P

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Parical	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://github.com/torvalds/linux/commit/fa40d9734a57bcbfa79a280189799f76c88f7bb0
source:MISC
tags:Patch Third Party Advisory

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.16
source:MISC
tags:Mailing List Release Notes Vendor Advisory

FEDORA-2021-a093973910
source:FEDORA
tags:Mailing List Third Party Advisory

FEDORA-2021-bdd146e463
source:FEDORA
tags:Mailing List Third Party Advisory

https://security.netapp.com/advisory/ntap-20211125-0002/
source:CONFIRM
tags:Third Party Advisory

[oss-security] 20220210 CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc)
source:MLIST
tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...	235
https://twitter.com/TheHackersNews/status/1456232864278667265	5
https://www.appgate.com/blog/a-remote-stack-overflow-in-the...	4
https://securityaffairs.co/wordpress/124191/hacking/linux-k...	4
https://s1.ai/wmkPFR	3
https://zpr.io/6CWrP	3
https://haxx.in/posts/pwning-tipc/	3
https://github.com/ohnonoyesyes/CVE-2021-43267	3
https://threatpost.com/critical-linux-kernel-bug/176000/	3
https://thehackernews.com/2021/11/critical-rce-vulnerabilit...	3
https://securityonline.info/cve-2021-43267-poc/	3
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-h...	3
https://www.kennasecurity.com/blog/march-vuln-of-the-month-...	3

Information from Twitter

User	URL	Info Source	Date
No Data

List of frequently cited URLs

URL	Num of Times Referred to
alerts.vulmon.com	235
twitter.com	5
www.appgate.com	4
securityaffairs.co	4
s1.ai	3
zpr.io	3
haxx.in	3
github.com	3
threatpost.com	3
thehackernews.com	3
securityonline.info	3
www.sentinelone.com	3
www.kennasecurity.com	3

Information from Twitter

User	URL	Info Source
No Data

GitHub Search Results: Up to 10

Name	URL
ohnonoyesyes/CVE-2021-43267	https://github.com/ohnonoyesyes/CVE-2021-43267
DarkSprings/CVE-2021-43267-POC	https://github.com/DarkSprings/CVE-2021-43267-POC

GitHub Search Results: Up to 10

Name	URL
ohnonoyesyes/CVE-2021-43267	github.com
DarkSprings/CVE-2021-43267-POC	github.com

2023/03/16 Score : 0
Added Har-sia Database : 2021/11/03
Last Modified : 2023/03/16
Highest Scored Date : 2021/11/05
Highest Score : 47