Buffer Overflow Vulnerability in glibc Affecting Linux Systems
CVE-2021-3999
7.8HIGH
What is CVE-2021-3999?
A vulnerability in the glibc library allows for an off-by-one buffer overflow and underflow within the getcwd() function, which could lead to memory corruption. This occurs when the size of the buffer is set to exactly 1. A local attacker, who has the capability to influence the input buffer and the size parameter passed to getcwd() within a setuid application, can exploit this vulnerability to potentially execute arbitrary code and gain elevated privileges on the affected system.
Affected Version(s)
glibc Fixed in glibc v2.31 and above.