Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-33574
HistoryMay 25, 2021 - 12:00 a.m.

CVE-2021-33574

2021-05-2500:00:00
ubuntu.com
ubuntu.com
36

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

87.8%

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and
2.33 has a use-after-free. It may use the notification thread attributes
object (passed through its struct sigevent parameter) after it has been
freed by the caller, leading to a denial of service (application crash) or
possibly unspecified other impact.

Bugs

Notes

Author Note
sbeattie see https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c4 for a discussion on what pre-requisites are needed for an attack based on this vulnerability. affects more than just 2.32 and 2.33
mdeslaur upstream fix introduced CVE-2021-38604, if this CVE is fixed, the other needs to be fixed also. Fixing this CVE would require introducing new symbols which will likely cause regressions for running systems. We will not be fixing this CVE in Ubuntu stable releases. Marking as ignored.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.017

Percentile

87.8%