CVE-2021-37600
published 2021-07-30
medium 5.5 CVSS 3.1
AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | util-linux | < util-linux 2.36.1-8 (bookworm) | util-linux 2.36.1-8 (bookworm) |
| kernel | util-linux | <= 2.37.1 | — |
| kernel | util-linux | >= 0 < 2.36.1-8 | 2.36.1-8 |
| kernel | util-linux | >= 0 < 2.36.1-8 | 2.36.1-8 |
| kernel | util-linux | >= 0 < 2.36.1-8 | 2.36.1-8 |
| kernel | util-linux | >= 0 < 2.36.1-8 | 2.36.1-8 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_util-linux_2.32.1-5_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvd v3.1 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv 5.5 MEDIUM