zephyrproject zephyr 释放后使用
CVE编号
CVE-2021-3455利用情况
暂无补丁情况
N/A披露时间
2021-10-20漏洞描述
Disconnecting L2CAP channel right after invalid ATT request leads freeze. Zephyr versions >= 2.4.0, >= 2.5.0 contain Use After Free (CWE-416). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7g38-3x9v-v7vp |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | kernel | * | Up to (excluding) 2.0.0-23.gitd1c6db8.amzn2.0.4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2023 | python-pillow | * | Up to (excluding) 9.4.0-2.amzn2023.0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | golang | * | Up to (excluding) 1.15.14-1.69.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | anolis_os_7 | kernel | * | Up to (excluding) 4.19 | |||||
| 运行在以下环境 | |||||||||
| 系统 | anolis_os_8 | python3-pillow-doc | * | Up to (excluding) 4.19 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | grafana-debuginfo | * | Up to (excluding) 5.1.1-16.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_33 | tor-debuginfo | * | Up to (excluding) 5.13.8-100.fc33 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_34 | tor-debuginfo | * | Up to (excluding) 5.13.8-200.fc34 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_35 | opendmarc-debuginfo | * | Up to (excluding) 1.4.1.1-2.fc35 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_7 | tor | * | Up to (excluding) 6.2.2-3.el7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_8 | tor-debugsource | * | Up to (excluding) 1.4.1.1-3.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP1 | python2-pillow | * | Up to (excluding) 5.3.0-17.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP2 | python3-pillow | * | Up to (excluding) 4.19.90-25.11.v2101.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP1 | python2-pillow | * | Up to (excluding) 5.3.0-17.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP2 | python3-pillow | * | Up to (excluding) 4.19.90-25.11.v2101.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | tor | * | Up to (excluding) 5.3.18-lp152.98.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | kernel | * | Up to (excluding) 5.3.18-59.24.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | oraclelinux-release | * | Up to (excluding) 1.15.14-1.module+el8.4.0+20290+7af514f4 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_9 | oraclelinux-release | * | Up to (excluding) 4.2.0-3.0.1.el9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | grafana-debuginfo | * | Up to (excluding) 1.15.14-1.module+el8.4.0+11833+614b07b8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_9 | podman-gvproxy-debuginfo | * | Up to (excluding) 4.2.0-3.el9 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | kernel | * | Up to (excluding) 4.12.14-122.88.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | linux-aws-5.4 | * | Up to (excluding) 5.4.0-1059.62~18.04.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | zephyrproject | zephyr | * | From (including) 2.4.0 | Up to (excluding) 2.6.0 | ||||
- 攻击路径 网络
- 攻击复杂度 低
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 高
- 保密性 无
- 完整性 无
| CWE-ID | 漏洞类型 |
| CWE-416 | 释放后使用 |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论