Uninitialized Memory Information Disclosure Vulnerability
CVE-2021-35000

3.3LOW

Key Information:

Vendor: OpenBSD
Status: Kernel
Vendor: CVE Published:; 7 May 2024

What is CVE-2021-35000?

The OpenBSD Kernel contains a vulnerability related to multicast routing that allows local attackers to potentially disclose sensitive information. This issue arises from uninitialized memory being accessed in the multicast routing implementation. An attacker must first run low-privileged code on the target system to exploit this vulnerability. By leveraging this flaw alongside other vulnerabilities, there is an opportunity for privilege escalation, enabling arbitrary code execution in the kernel context.

Affected Version(s)

Kernel OpenBSD 6.9

References

https://www.zerodayinitiative.com/advisories/ZDI-22-012/

x_research-advisory

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2024
Vulnerability Reserved
Jun 17, 2021