CVE-2021-3998

7.5HIGH

Key Information:

Vendor: Gnu
Status: Glibc
Vendor: CVE Published:; 24 August 2022

Summary

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Affected Version(s)

glibc Affects glibc v2.33 and above.

References

https://www.openwall.com/lists/oss-security/2022/01/24/4

https://sourceware.org/bugzilla/show_bug.cgi?id=28770

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 24, 2022
Vulnerability Reserved
Nov 22, 2021