CVE-2021-3999

Name
CVE-2021-3999
Description
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.openwall.com/lists/oss-security/2022/01/24/4
MISC https://access.redhat.com/security/cve/CVE-2021-3999
MISC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
MISC https://sourceware.org/bugzilla/show_bug.cgi?id=28769
MISC https://security-tracker.debian.org/tracker/CVE-2021-3999
MISC https://bugzilla.redhat.com/show_bug.cgi?id=2024637

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* glibc >= None < 2.31

Vulnerable and fixed packages

Source package Branch Version Maintainer Status