Home CVE Database CVE-2021-29997

CVE-2021-29997

Description

An issue was discovered in Wind River VxWorks 7 before 21.03, A specially crafted packet may lead to buffer over-read on IKE

Priority: MEDIUM
CVSS v3: 5.3
Publish Date: Apr 13, 2021
Related ID: CVE-2021-29997
CVSS v2: LOW
Modified Date: Apr 16, 2021

Find out more about CVE-2021-29997 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Product Name Status Defect Fixed Downloads
Linux
Wind River Linux LTS 17 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux 8 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux 9 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux 7 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux LTS 21 Not Vulnerable -- -- --
Wind River Linux LTS 18 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux LTS 19 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
Wind River Linux CD release Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
VxWorks
VxWorks 7 Fixed V7SEC-1143
21.03 CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE
VxWorks 6.9 Not Vulnerable -- -- CVE-2021-29997: An issue was discovered in VxWorks 7 from SR0490 to SR0660, A specially crafted packet may lead to buffer over-read on IKE

Related Products

Product Name Status Defect Fixed Downloads

Comments

CVSS score: https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L&version=3.1; Attack Vector: Network - The vulnerable component is IKE which bound to the network stack, the attacker can exploit crafted IKE packet to trigger the vulnerability across a wide area network; Attack Complexity: Low - The attacker just needs construct specialized IKE packet; Privileges Required: None - The attacker can exploit the vulnerability as long as he is able to send packet to the IKE service; User Interaction: None - No user interaction needed from any user; Scope: Unchanged - Only IKE itself would be affected; Confidentiality: None - No information would be returned to attached after a successful exploited vulnerability; Integrity: None - Attacker is not able to modify anything; Availability: Low - The impact is only limited to IKE component while VxWorks is still in service when attack happened.

Live chat
Online