The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

References

lists.debian.org/debian-lts-announce/2022/10/msg00021.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJYYIMDDYOHTP2PORLABTOHYQYYREZDD/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBUUWUGXVILQXVWEOU7N42ICHPJNAEUP/

security.gentoo.org/glsa/202107-07

security.netapp.com/advisory/ntap-20210629-0005/

sourceware.org/bugzilla/show_bug.cgi?id=27896

sourceware.org/bugzilla/show_bug.cgi?id=27896#c1

openvas 27

fedora 2

redhatcve 2

veracode 1

cbl_mariner 1

amazon 2

nessus 44

prion 2

debiancve 2

photon 7

f5 1

mageia 2

ibm 6

cve 2

nvd 2

osv 5

ubuntucve 2

cvelist 1

suse 2

almalinux 1

cloudlinux 1

oraclelinux 2

rocky 1

redhat 18

gentoo 1

debian 1

ics 2

oracle 1

avleonov 1

openvas

SUSE: Security Advisory (SUSE-SU-2021:3290-1)

2021-10-07 00:00:00

Mageia: Security Advisory (MGASA-2021-0308)

2022-01-28 00:00:00

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2295)

2021-08-09 00:00:00

fedora

[SECURITY] Fedora 33 Update: glibc-2.32-8.fc33

2021-07-07 01:04:22

[SECURITY] Fedora 34 Update: glibc-2.33-16.fc34

2021-06-14 01:06:20

redhatcve

CVE-2021-33574

2021-05-27 23:10:50

CVE-2021-38604

2021-08-13 17:50:02

veracode

Denial Of Service (DoS)

2021-11-17 22:36:20

cbl_mariner

CVE-2021-33574 affecting package glibc 2.28-22

2021-10-05 03:00:55

amazon

Low: glibc

2022-01-18 21:37:00

Medium: glibc

2023-11-29 22:20:00

nessus

EulerOS 2.0 SP8 : glibc (EulerOS-SA-2021-2295)

2021-08-09 00:00:00

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-2581)

2021-10-25 00:00:00

Photon OS 2.0: Glibc PHSA-2021-2.0-0354

2021-06-10 00:00:00

prion

Design/Logic Flaw

2021-05-25 22:15:00

Null pointer dereference

2021-08-12 16:15:00

debiancve

CVE-2021-33574

2021-05-25 22:15:10

CVE-2021-38604

2021-08-12 16:15:10

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0401

2021-06-09 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0354

2021-06-09 00:00:00

Critical Photon OS Security Update - PHSA-2021-0251

2021-06-08 00:00:00

K43700555 : GNU C Library (glibc) vulnerability CVE-2021-33574

2021-09-24 00:00:00

mageia

Updated glibc packages fix security vulnerability

2021-07-01 02:58:41

Updated glibc packages fix security issue

2021-08-14 17:00:09

ibm

Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability

2021-12-15 06:21:22

Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability.

2021-12-22 10:07:47

Security Bulletin: IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

2022-03-14 20:12:12

cve

CVE-2021-33574

2021-05-25 22:15:10

CVE-2021-38604

2021-08-12 16:15:10

nvd

CVE-2021-33574

2021-05-25 22:15:10

CVE-2021-38604

2021-08-12 16:15:10

osv

CVE-2021-33574

2021-05-25 22:15:10

CVE-2021-38604

2021-08-12 16:15:10

Moderate: glibc security, bug fix, and enhancement update

2021-11-09 09:08:59

ubuntucve

CVE-2021-33574

2021-05-25 00:00:00

CVE-2021-38604

2021-08-12 00:00:00

cvelist

CVE-2021-38604

2021-08-12 15:43:34

suse

Security update for glibc (moderate)

2021-10-06 00:00:00

Security update for glibc (moderate)

2021-10-18 00:00:00

almalinux

Moderate: glibc security, bug fix, and enhancement update

2021-11-09 09:08:59

cloudlinux

Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604

2021-08-19 17:44:27

oraclelinux

glibc security, bug fix, and enhancement update

2021-11-16 00:00:00

glibc security update

2021-11-23 00:00:00

rocky

glibc security, bug fix, and enhancement update

2021-11-09 09:08:59

redhat

(RHSA-2021:4358) Moderate: glibc security, bug fix, and enhancement update

2021-11-09 09:08:59

(RHSA-2022:0434) Moderate: Release of OpenShift Serverless 1.20.0

2022-02-03 17:07:25

(RHSA-2022:0318) Moderate: Red Hat OpenShift distributed tracing 2.1.0 security update

2022-01-27 16:46:55

gentoo

glibc: Multiple vulnerabilities

2021-07-06 00:00:00

debian

[SECURITY] [DLA 3152-1] glibc security update

2022-10-17 15:54:41

ics

Siemens SIMATIC S7-1500 TM MFP BIOS

2023-06-15 12:00:00

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

oracle

Oracle Critical Patch Update Advisory - April 2022

2022-04-19 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.9 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVELIST:CVE-2021-33574