CVE-2021-3861: Buffer Overflow
First published: Mon Feb 07 2022(Updated: )
The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
Credit: vulnerabilities@zephyrproject.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zephyrproject Zephyr | >=2.6.0<=2.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-3861?
CVE-2021-3861 is a vulnerability in the RNDIS USB device class that includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 are affected.
What is the severity of CVE-2021-3861?
The severity of CVE-2021-3861 is high with a CVSS score of 6.8.
How does CVE-2021-3861 affect Zephyr versions?
CVE-2021-3861 affects Zephyr versions greater than or equal to v2.6.0.
What is the CWE ID for CVE-2021-3861?
CVE-2021-3861 is associated with CWE IDs 119, 787, and 122.
Where can I find more information about CVE-2021-3861?
You can find more information about CVE-2021-3861 at the following link: http://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj
- collector/nvd-index
- agent/tags
- agent/event
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/zephyrproject
- canonical/zephyrproject zephyr
- version/zephyrproject zephyr/2.6.0
- version/zephyrproject zephyr/2.7.1