Lucene search

[email protected]NVD:CVE-2021-3999

HistoryAug 24, 2022 - 4:15 p.m.

CVE-2021-3999

2022-08-2416:15:09

CWE-193

[email protected]

web.nvd.nist.gov

glibc

buffer overflow

getcwd

memory corruption

setuid program

arbitrary code

privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Affected configurations

Nvd

Node

gnuglibcRange<2.31

Node

debiandebian_linuxMatch10.0

debiandebian_linuxMatch11.0

Node

debiandebian_linuxMatch10.0

Node

netappe-series_performance_analyzerMatch-

netappnfs_plug-invmware_vaai

netappontap_select_deploy_administration_utilityMatch-

Node

netapph300s_firmwareMatch-

AND

netapph300sMatch-

Node

netapph500s_firmwareMatch-

AND

netapph500sMatch-

Node

netapph700s_firmwareMatch-

AND

netapph700sMatch-

Node

netapph410s_firmwareMatch-

AND

netapph410sMatch-

Node

netapph410c_firmwareMatch-

AND

netapph410cMatch-

VendorProductVersionCPE
gnuglibc*cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
netappe-series_performance_analyzer-cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*
netappnfs_plug-in*cpe:2.3:a:netapp:nfs_plug-in:*:*:*:*:*:vmware_vaai:*:*
netappontap_select_deploy_administration_utility-cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
netapph300s_firmware-cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
netapph300s-cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
netapph500s_firmware-cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
netapph500s-cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	glibc	*	cpe:2.3:a:gnu:glibc::::::::
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
debian	debian_linux	11.0	cpe:2.3:o:debian:debian_linux:11.0:::::::*
netapp	e-series_performance_analyzer	-	cpe:2.3:a:netapp:e-series_performance_analyzer:-:::::::*
netapp	nfs_plug-in	*	cpe:2.3:a:netapp:nfs_plug-in::::::vmware_vaai::*
netapp	ontap_select_deploy_administration_utility	-	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:::::::*
netapp	h300s_firmware	-	cpe:2.3:o:netapp:h300s_firmware:-:::::::*
netapp	h300s	-	cpe:2.3:h:netapp:h300s:-:::::::*
netapp	h500s_firmware	-	cpe:2.3:o:netapp:h500s_firmware:-:::::::*
netapp	h500s	-	cpe:2.3:h:netapp:h500s:-:::::::*