{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2021-47245","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-04-10T18:59:19.533Z","datePublished":"2024-05-21T14:19:43.648Z","dateUpdated":"2025-05-04T07:07:03.572Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2025-05-04T07:07:03.572Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: synproxy: Fix out of bounds when parsing TCP options\n\nThe TCP option parser in synproxy (synproxy_parse_options) could read\none byte out of bounds. When the length is 1, the execution flow gets\ninto the loop, reads one byte of the opcode, and if the opcode is\nneither TCPOPT_EOL nor TCPOPT_NOP, it reads one more byte, which exceeds\nthe length of 1.\n\nThis fix is inspired by commit 9609dad263f8 (\"ipv4: tcp_input: fix stack\nout of bounds when parsing TCP options.\").\n\nv2 changes:\n\nAdded an early return when length < 0 to avoid calling\nskb_header_pointer with negative length."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_synproxy_core.c"],"versions":[{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"576c1526b4d83c44ad7b673cb841f36cbc6cb6c4","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"674b5f0c6a4fc5d3abce877048290cea6091fcb1","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"7d9a9a1a88a3da574e019b4de756bc73337b3b0b","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"6defc77d48eff74075b80ad5925061b2fc010d98","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"9cdf299ba4e153b5e56187648420de22c6216f02","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"f648089337cb8ed40b2bb96e244f72b9d97dc96b","status":"affected","versionType":"git"},{"version":"48b1de4c110a7afa4b85862f6c75af817db26fad","lessThan":"5fc177ab759418c9537433e63301096e733fb915","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["net/netfilter/nf_synproxy_core.c"],"versions":[{"version":"3.12","status":"affected"},{"version":"0","lessThan":"3.12","status":"unaffected","versionType":"semver"},{"version":"4.4.274","lessThanOrEqual":"4.4.*","status":"unaffected","versionType":"semver"},{"version":"4.9.274","lessThanOrEqual":"4.9.*","status":"unaffected","versionType":"semver"},{"version":"4.14.238","lessThanOrEqual":"4.14.*","status":"unaffected","versionType":"semver"},{"version":"4.19.196","lessThanOrEqual":"4.19.*","status":"unaffected","versionType":"semver"},{"version":"5.4.128","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.46","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.12.13","lessThanOrEqual":"5.12.*","status":"unaffected","versionType":"semver"},{"version":"5.13","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.4.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.9.274"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.14.238"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"4.19.196"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.4.128"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.10.46"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.12.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"3.12","versionEndExcluding":"5.13"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8"},{"url":"https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4"},{"url":"https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1"},{"url":"https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b"},{"url":"https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98"},{"url":"https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02"},{"url":"https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b"},{"url":"https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915"}],"title":"netfilter: synproxy: Fix out of bounds when parsing TCP options","x_generator":{"engine":"bippy-1.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2021-47245","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-23T18:09:52.562711Z"}}}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:13:37.955Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T05:32:07.394Z"},"title":"CVE Program Container","references":[{"url":"https://git.kernel.org/stable/c/e1eb98cfeafdd85537e7e3cefe93ca9bfbcc3ea8","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/576c1526b4d83c44ad7b673cb841f36cbc6cb6c4","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/674b5f0c6a4fc5d3abce877048290cea6091fcb1","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/7d9a9a1a88a3da574e019b4de756bc73337b3b0b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/6defc77d48eff74075b80ad5925061b2fc010d98","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/9cdf299ba4e153b5e56187648420de22c6216f02","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/f648089337cb8ed40b2bb96e244f72b9d97dc96b","tags":["x_transferred"]},{"url":"https://git.kernel.org/stable/c/5fc177ab759418c9537433e63301096e733fb915","tags":["x_transferred"]}]}]}}