CVE-2021-43083
CVE-2021-43083 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the TCP transport. Users should update to 0.9.1, which addresses this issue. EPSS estimates a 1.92% chance of exploitation in the next 30 days.
Description
Apache PLC4X - PLC4C (only the C language implementation was affected) was vulnerable to an unsigned integer underflow flaw inside the TCP transport. Users should update to 0.9.1, which addresses this issue. However, in order to exploit this vulnerability, a user would have to actively connect to a malicious device which could send a response with invalid content. Currently we consider the probability of this being exploited as quite minimal; however, this could change in the future, especially with industrial networks growing more and more interconnected.
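The description names the bug class (an unsigned integer underflow in the TCP transport, triggered by a response with invalid content) but not the code. The following is an added illustration, not PLC4C's own code: a hypothetical length-prefixed framing layer whose header and field sizes are assumptions. It shows the unsafe subtraction that wraps when a peer advertises a total length smaller than the header, beside a checked version that validates the field before subtracting and bounds it against the bytes actually received.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed framing for illustration only: a 4-byte big-endian "total length"
 * (header included) followed by the payload. Not PLC4C's actual wire format. */
#define HDR_LEN 4u

static uint32_t rd_be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unsafe pattern: subtracting the header size from an attacker-supplied
 * unsigned field wraps around when total < HDR_LEN, yielding a huge
 * "payload length" that a caller may then use for reads or allocations. */
size_t payload_len_unsafe(const uint8_t *buf, size_t buf_len) {
    if (buf_len < HDR_LEN) return 0;
    uint32_t total = rd_be32(buf);
    return (size_t)(total - HDR_LEN);   /* e.g. 2 - 4 wraps to 0xFFFFFFFE */
}

/* Hardened: reject a total smaller than the header before subtracting, and
 * never trust a length larger than what has really been received. */
bool payload_len_checked(const uint8_t *buf, size_t buf_len, size_t *out) {
    if (buf_len < HDR_LEN) return false;
    uint32_t total = rd_be32(buf);
    if (total < HDR_LEN) return false;             /* would underflow */
    size_t payload = (size_t)total - HDR_LEN;
    if (payload > buf_len - HDR_LEN) return false; /* claims more than we hold */
    *out = payload;
    return true;
}

/* Convenience wrapper: payload length on success, -1 when the frame is rejected. */
long checked_or_reject(const uint8_t *buf, size_t buf_len) {
    size_t n;
    return payload_len_checked(buf, buf_len, &n) ? (long)n : -1L;
}

/* Constructed sample responses (not captured traffic). */
static const uint8_t RESP_UNDERFLOW[4] = {0x00, 0x00, 0x00, 0x02};            /* total 2 < header */
static const uint8_t RESP_OK[7]        = {0x00, 0x00, 0x00, 0x07, 'a', 'b', 'c'}; /* total 7, 3 bytes */
static const uint8_t RESP_OVERCLAIM[7] = {0x00, 0x00, 0x00, 0x64, 'a', 'b', 'c'}; /* claims 100 bytes */

int main(void) {
    printf("unsafe, underflow frame: %zu\n", payload_len_unsafe(RESP_UNDERFLOW, sizeof RESP_UNDERFLOW));
    printf("checked, underflow frame: %ld\n", checked_or_reject(RESP_UNDERFLOW, sizeof RESP_UNDERFLOW));
    printf("checked, valid frame: %ld\n", checked_or_reject(RESP_OK, sizeof RESP_OK));
    printf("checked, overclaiming frame: %ld\n", checked_or_reject(RESP_OVERCLAIM, sizeof RESP_OVERCLAIM));
    return 0;
}
```

The two checks in the hardened version address different failure modes: the first prevents the wrap itself, the second stops a peer from steering later reads past the receive buffer even when no wrap occurs. Both belong in a transport that, as the description notes, may be talking to a device the client does not control.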
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Plc4x | < 0.9.1 |
References
- http://www.openwall.com/lists/oss-security/2021/12/20/2 (Mailing List, Third Party Advisory)
Source: NVD / NIST
