CVE-2021-35942

Updated: 2023-11-07 20:15:53.980302

Description:

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.



Severity

CVSS version       Severity   Score
CVSS Version 2.x   MEDIUM     6.4
CVSS Version 3.x   CRITICAL   9.1

Status

OS name              Project name   Version   Score   Severity   Status           Errata                  Last updated
CentOS 6 ELS         glibc          2.12      9.1     CRITICAL   Released         CLSA-2021:1629395067    2022-05-05 12:00:36
CentOS 7 ELS         glibc          2.17      9.1     CRITICAL   Released         CLSA-2024:1720027216    2024-07-19 05:03:46
CentOS 8.4 ELS       glibc          2.28      9.1     CRITICAL   Released         CLSA-2022:1643727522    2022-02-01 14:46:36
CentOS 8.5 ELS       glibc          2.28      9.1     CRITICAL   Not Vulnerable   (none)                  2022-02-11 05:28:02
CloudLinux 6 ELS     glibc          2.12      9.1     CRITICAL   Released         (none)                  2022-04-07 13:07:09
Oracle Linux 6 ELS   glibc          2.12      9.1     CRITICAL   Released         CLSA-2021:1634922609    2021-12-09 07:57:04
Ubuntu 16.04 ELS     glibc          2.23-0    9.1     CRITICAL   Released         CLSA-2021:1635459187    2021-12-09 07:57:04
Ubuntu 18.04 ELS     glibc          2.27-3    9.1     CRITICAL   Already Fixed    (none)                  2023-04-28 08:48:29