CVE-2021-3998 — Out-of-bounds Read in Glibc

CWE-125 — Out-of-bounds Read CWE-252 — Unchecked Return Value8 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 58.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Glibc

Timeline

PublishedAug 24

Latest updateAug 25

Description

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgnu/glibc2.33 — 2.35

▶Debiangnu/glibc< 2.33-4+2

▶CVEListV5gnu/glibcAffects glibc v2.33 and above.

Patches

Patch: bugzilla.redhat.com ↗Patch: sourceware.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-32pr-wg5j-9rwr: A flaw was found in glibc↗2022-08-25

▶

OSV

CVE-2021-3998: A flaw was found in glibc↗2022-08-24

▶

CVEList

CVE-2021-3998: A flaw was found in glibc↗2022-08-24

▶

📋Vendor Advisories

Microsoft

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value potentially leading to information leakage and disclosure of sensitive data.↗2022-08-09

▶

Ubuntu

GNU C Library vulnerabilities↗2022-03-01

▶

Red Hat

glibc: Unexpected return value from realpath() could leak data based on the application↗2022-01-11

▶

Debian

CVE-2021-3998: glibc - A flaw was found in glibc. The realpath() function can mistakenly return an unex...↗2021

▶