How severe is CVE-2021-34999?

This vulnerability has a severity rating of LOW with a CVSS score of 3.8 out of 10.

What type of vulnerability is CVE-2021-34999?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2021-34999

LOW Year: 2021

CVSS v3 Score

3.8

Low

Weakness Type

CWE-908

View all →

Vulnerability Description

OpenBSD Kernel Multicast Routing Uninitialized Memory Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of OpenBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the implementation of multicast routing. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. . Was ZDI-CAN-14540.

CVE-2018-3970

MEDIUM

CVSS:4.0(Medium)

An exploitable memory disclosure vulnerability exists in the 0x222000 IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to return un...

CWE-9082018

CVE-2021-21781

MEDIUM

CVSS:4.0(Medium)

An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application ...

CWE-9082021

CVE-2021-47096

MEDIUM

CVSS:4.0(Medium)

In the Linux kernel, the following vulnerability has been resolved: ALSA: rawmidi - fix the uninitalized user_pversion The user_pversion was uninitialized for the user space file structure in the open...

CWE-9082021

CVE-2017-5102

MEDIUM

CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to obtain potentially sensitive information from process mem...

CWE-9082017

CVE-2017-5103

MEDIUM

CVSS:4.3(Medium)

Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a...

CWE-9082017

CVE-2018-1037

MEDIUM

CVSS:4.3(Medium)

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Stud...

CWE-9082018

CVE-2021-34999

Vulnerability Description

Related Vulnerabilities

CVE-2018-3970

CVE-2021-21781

CVE-2021-47096

CVE-2017-5102

CVE-2017-5103

CVE-2018-1037