CVE-2021-35942

Name
CVE-2021-35942
Description
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
NVD Severity
high

References

Type URI
CONFIRM https://sourceware.org/bugzilla/show_bug.cgi?id=28011
CONFIRM https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
MISC https://sourceware.org/glibc/wiki/Security%20Exceptions
Third Party Advisory https://security.netapp.com/advisory/ntap-20210827-0005/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* glibc >= None < 2.32

Vulnerable and fixed packages

Source package Branch Version Maintainer Status