---

Log

AVG-2279 edited at 11 Aug 2021 21:12:40
Ticket	+ 71803

AVG-2279 edited at 11 Aug 2021 21:11:25
Severity	- Unknown + Medium

CVE-2021-3700 edited at 11 Aug 2021 21:11:25
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ An use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in usbredirparser_serialize() in usbredirparser/usbredirparser.c when serializing large amounts of buffered write data in case of a slow or blocked destination.
References	+ https://bugzilla.redhat.com/show_bug.cgi?id=1992830 + https://gitlab.freedesktop.org/spice/usbredir/-/commit/03c519ff5831ba75120e00ebebbf1d5a1f7220ab
Notes

AVG-2279 created at 11 Aug 2021 21:10:12
Packages	+ usbredir
Issues	+ CVE-2021-3700
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 0.9.0-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-3700 created at 11 Aug 2021 21:10:12

AVG-2226 edited at 11 Aug 2021 20:51:23
Status	- Testing + Fixed

ASA-202108-14 edited at 11 Aug 2021 06:55:13
Impact	+ A remote attacker could execute arbitrary code or trick the user into accepting additional site permissions through crafted web content.

ASA-202108-14 created at 11 Aug 2021 06:53:02

AVG-2235 edited at 11 Aug 2021 06:43:17
Advisory qualified	- Yes + No

AVG-2233 edited at 11 Aug 2021 06:43:13
Advisory qualified	- Yes + No

AVG-2232 edited at 11 Aug 2021 06:43:10
Advisory qualified	- Yes + No

AVG-2278 edited at 11 Aug 2021 06:33:25
Affected	- 5.0.8.sdk205-1 + 3.1.17.sdk117-1