How severe is CVE-2021-47244?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.2 out of 10.

What type of vulnerability is CVE-2021-47244?

This is classified as CWE-125, which is a common weakness in software security.

CVE-2021-47244 - MEDIUM Severity | CVSS 6.2

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix out of bounds when parsing TCP options The TCP option parser in mptcp (mptcp_get_options) could read one byte out of bounds. When the length is 1, the execution flow gets into the loop, reads one byte of the opcode, and if the opcode is neither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds the length of 1. This fix is inspired by commit 9609dad263f8 ("ipv4: tcp_input: fix stack out of bounds when parsing TCP options.").

Related Vulnerabilities

CVE-2014-8716

MEDIUM

CVSS:6.2(Medium)

The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).

CWE-1252014

CVE-2017-13290

MEDIUM

CVSS:6.2(Medium)

In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges ...

CWE-1252017

CVE-2017-13321

MEDIUM

CVSS:6.2(Medium)

In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local i...

CWE-1252017

CVE-2018-9435

MEDIUM

CVSS:6.2(Medium)

In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges ne...

CWE-1252018

CVE-2023-21118

MEDIUM

CVSS:6.2(Medium)

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed....

CWE-1252023

CVE-2024-20107

MEDIUM

CVSS:6.2(Medium)

In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not nee...

CWE-1252024