CVE-2021-27645

Severity
2.5 LOW
EPSS
0.0%
top 88.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 24
Latest update: May 24

Description

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 1.0 | Impact: 1.4

Affected Packages (2 packages)

Debian: glibc < 2.31-10+3
NVD: gnu/glibc 2.29 through 2.33

Also affects: Debian Linux 10.0, Fedora 33, 34

Patches

Vulnerability Details (3)

GHSA
GHSA-2hpw-5cjm-953f: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2... 2022-05-24
CVEList
CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2... 2021-02-24
OSV
CVE-2021-27645: The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2... 2021-02-24

Vendor Advisories (3)

Ubuntu
GNU C Library vulnerabilities 2022-03-01
Red Hat
glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c 2021-02-24
Debian
CVE-2021-27645: glibc - The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2... 2021