Buffer Overflow Vulnerability in glibc Affecting Linux Systems
CVE-2021-3999
7.8 HIGH
Summary
A vulnerability in the glibc library allows for an off-by-one buffer overflow and underflow within the getcwd() function, which could lead to memory corruption. This occurs when the size of the buffer is set to exactly 1. A local attacker, who has the capability to influence the input buffer and the size parameter passed to getcwd() within a setuid application, can exploit this vulnerability to potentially execute arbitrary code and gain elevated privileges on the affected system.
Affected Version(s)
glibc: fixed in glibc v2.31 and above.
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved