CVE-2021-38604

7.5HIGH

Key Information:

Vendor: Gnu
Status: Glibc
Vendor: CVE Published:; 12 August 2021

Summary

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

References

https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b8...

x_refsource_MISC

https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4c...

x_refsource_MISC

https://sourceware.org/bugzilla/show_bug.cgi?id=28213

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2021
Vulnerability Reserved
Aug 12, 2021

.