How severe is CVE-2021-47152?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-47152?

This is classified as CWE-787, which is a common weakness in software security.

CVE-2021-47152 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to 'mptcp_frag_can_collapse_to()' assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end-up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end. v1 -> v2: - added missing fixes tag (Mat)

Related Vulnerabilities

CVE-2012-4900

MEDIUM

CVSS:5.5(Medium)

Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference

CWE-7872012

CVE-2015-5158

MEDIUM

CVSS:5.5(Medium)

Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance cr...

CWE-7872015

CVE-2016-10246

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the main function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted f...

CWE-7872016

CVE-2016-10247

MEDIUM

CVSS:5.5(Medium)

Buffer overflow in the my_getline function in jstest_main.c in Mujstest in Artifex Software, Inc. MuPDF before 1.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a cra...

CWE-7872016

CVE-2016-4289

MEDIUM

CVSS:5.5(Medium)

A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER 2.1.19357 application. A specially created long path can lead to a buffer overflo...

CWE-7872016

CVE-2016-5310

MEDIUM

CVSS:5.5(Medium)

The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec E...

CWE-7872016