Lucene search

[email protected]NVD:CVE-2021-35942

HistoryJul 22, 2021 - 6:15 p.m.

CVE-2021-35942

2021-07-2218:15:23

CWE-190

[email protected]

web.nvd.nist.gov

wordexp function

glibc

denial of service

disclosure of information

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS

0.016

Percentile

87.6%

JSON

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Affected configurations

Nvd

Node

gnuglibcRange<2.32

Node

netappactive_iq_unified_managerMatch-vmware_vsphere

netappe-series_santricity_os_controllerRange11.0–11.70.1

netapphci_management_nodeMatch-

netappontap_select_deploy_administration_utilityMatch-

netappsolidfireMatch-

Node

debiandebian_linuxMatch10.0

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
netappactive_iq_unified_manager-cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
netappe-series_santricity_os_controller*cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
netapphci_management_node-cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netappsolidfire-cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
netapp	active_iq_unified_manager	-	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere::
netapp	e-series_santricity_os_controller	*	cpe:2.3:a:netapp:e-series_santricity_os_controller::::::::
netapp	hci_management_node	-	cpe:2.3:a:netapp:hci_management_node:-:::::::*
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
netapp	solidfire	-	cpe:2.3:a:netapp:solidfire:-:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*