CVE-2021-33574: The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Affected

27 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	glibc	< glibc 2.32-1 (bookworm)	glibc 2.32-1 (bookworm)
debian	glibc	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
gnu	glibc	<= 2.34	—
gnu	glibc	—	—
gnu	glibc	—	—
gnu	glibc	>= 0 < 2.31-13+deb11u3	2.31-13+deb11u3
gnu	glibc	>= 0 < 2.32-1	2.32-1
gnu	glibc	>= 0 < 2.32-1	2.32-1
gnu	glibc	>= 0 < 2.32-1	2.32-1
gnu	glibc	>= 0 < 2.34-0ubuntu3	2.34-0ubuntu3
msrc	cbl2_glibc_2.35-1_on_cbl_mariner_2.0	—	—
msrc	cm1_glibc_2.28-20_on_cbl_mariner_1.0	—	—
netapp	e-series_santricity_os_controller	11.0 – 11.70.1	—
oracle	communications_cloud_native_core_binding_support_function	—	—
oracle	communications_cloud_native_core_network_function_cloud_native_environment	—	—
oracle	communications_cloud_native_core_network_repository_function	—	—
oracle	communications_cloud_native_core_network_repository_function	—	—
oracle	communications_cloud_native_core_security_edge_protection_proxy	—	—
oracle	communications_cloud_native_core_unified_data_repository	—	—
oracle	enterprise_operations_monitor	—	—
oracle	enterprise_operations_monitor	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL