Use-After-Free Vulnerability in GNU C Library Affects glibc 2.32 and 2.33
CVE-2021-33574

9.8CRITICAL

Key Information:

Vendor: Gnu
Status: Glibc
Vendor: CVE Published:; 25 May 2021

Summary

A use-after-free vulnerability exists in the mq_notify function of the GNU C Library that affects versions 2.32 and 2.33. When this function is called, it may improperly use the notification thread attributes object after it has been freed by the caller. This unintended usage could result in a denial of service, specifically causing application crashes, and could potentially have additional unspecified impacts, making it critical for developers and users of glibc to apply necessary patches and upgrades.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=27896

https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2021
Vulnerability Reserved
May 25, 2021