Bug 13955 - [CVE 21] usbredir 0.8.0 CVEs found
Summary: [CVE 21] usbredir 0.8.0 CVEs found
Status: VERIFIED FIXED
Alias: None
Product: ROSA Fresh
Classification: ROSA-based products
Component: System (kernel, glibc, systemd, bash, PAM...) (show other bugs)
Version: All
Hardware: All Linux
: Normal normal
Target Milestone: ---
Assignee: ROSA Linux Bugs
QA Contact: ROSA Linux Bugs
URL: CVE-2021-3700,
Whiteboard:
Depends on:
Blocks:
 
Reported: 2023-10-18 20:32 MSK by Yury
Modified: 2024-07-01 17:14 MSK (History)
6 users (show)

See Also:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
v.potapov: qa_verified+
e.kosachev: secteam_verified+
a.proklov: published+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yury 2023-10-18 20:32:01 MSK 
Please patch CVEs for package usbredir version 0.8.0
  
INFO (CVEs are): usbredir 0.8.0
 cves found
CVE-2021-3700
Desc: A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3700
Severity: MEDIUM
Comment 2 Dmitry Postnikov 2023-11-21 22:28:39 MSK 
*****************************
Обновление отослано в Тестинг
Comment 3 Vladimir Potapov 2023-12-04 18:09:53 MSK 
usbredir-0.8.0-4
https://abf.io/build_lists/4825793
https://abf.io/build_lists/4825794
https://abf.io/build_lists/4825795
https://abf.io/build_lists/4825796
https://abf.io/build_lists/4825797
******************************* Advisory **************************
CVE-2021-3700 closed
*******************************************************************
QA Verified
Comment 4 Eduard 2024-07-01 17:14:01 MSK 
*******************************************************
Secteam_verified
*******************************************************
https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2442
*******************************************************