Lucene search

K
cvelistRedhatCVELIST:CVE-2021-3999
HistoryAug 24, 2022 - 12:00 a.m.

CVE-2021-3999

2022-08-2400:00:00
CWE-193
redhat
www.cve.org

9.4 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "glibc",
    "versions": [
      {
        "version": "Fixed in glibc v2.31 and above.",
        "status": "affected"
      }
    ]
  }
]