Lucene search

K
osvGoogleOSV:CVE-2021-35942
HistoryJul 22, 2021 - 6:15 p.m.

CVE-2021-35942

2021-07-2218:15:23
Google
osv.dev
4

AI Score

7

Confidence

High

EPSS

0.011

Percentile

84.8%

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.