Vulnerability in GNU C Library impacting memory handling
CVE-2021-35942

9.1CRITICAL

Key Information:

Vendor: Gnu
Status: Glibc
Vendor: CVE Published:; 22 July 2021

Summary

The GNU C Library (glibc) contains a vulnerability in the wordexp function, allowing for unexpected behavior when provided with crafted patterns. This flaw can lead to denial of service conditions or unauthorized information disclosure. The vulnerability arises from the use of the atoi function where strtoul should have been utilized, creating risks related to incorrect calculations and memory access. Proper validation and usage of functions are critical to mitigate these risks, and users are advised to update their systems to the latest versions to safeguard against potential exploitation.

References

https://sourceware.org/glibc/wiki/Security%20Exceptions

https://sourceware.org/bugzilla/show_bug.cgi?id=28011

https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5a...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 22, 2021
Vulnerability Reserved
Jun 29, 2021