CVE-2021-41043: Use After Free

Q: What is CVE-2021-41043?

CVE-2021-41043 is a vulnerability that occurs due to a use-after-free issue in tcpslice.

Q: What triggers the AddressSanitizer in CVE-2021-41043?

The use-after-free issue in tcpslice triggers the AddressSanitizer.

Q: Is there any other confirmed impact of CVE-2021-41043?

No, there are no other confirmed impacts of this vulnerability.

Q: What is the severity of CVE-2021-41043?

CVE-2021-41043 has a severity rating of medium (5.5).

Q: How can I fix CVE-2021-41043?

To fix CVE-2021-41043, it is recommended to update tcpslice to a version above 1.5 or apply any patches or fixes provided by the vendor.

Published Jan 5, 2022

Updated

Tcpdump tcpslice is vulnerable to a denial of service, caused by a use-after-free flaw. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a segmentation fault, and results in a denial of service condition.

Other sources

Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.

— MITRE

Affected Software

4 affected componentsFixes available

redhat/tcpslice<1.5

1.5

tcpdump tcpslice<1.5

IBM Security Verify Governance, Identity Manager software component<=ISVG 10.0.2

IBM Security Verify Governance, Identity Manager virtual appliance component<=ISVG 10.0.2

Event History

Jan 5, 2022

CVE Published

via MITRE·11:34 AM

Data Sourced

via MITRE·11:34 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

IBM-7172423

Frequently Asked Questions

What is CVE-2021-41043?

CVE-2021-41043 is a vulnerability that occurs due to a use-after-free issue in tcpslice.

What triggers the AddressSanitizer in CVE-2021-41043?

The use-after-free issue in tcpslice triggers the AddressSanitizer.

Is there any other confirmed impact of CVE-2021-41043?