CVE-2021-3999

CWE-193 | 11 documents | 8 sources
Severity
7.8 HIGH
EPSS
0.8%
top 25.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 24
Latest update: May 2

Description

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (4 packages)

NVD: gnu/glibc < 2.31
Debian: glibc < 2.31-13+deb11u4+3
Ubuntu: glibc < 2.23-0ubuntu11.3+esm1
CVEListV5: glibc. Fixed in glibc v2.31 and above.

Also affects: Debian Linux 10.0, 11.0

🔴 Vulnerability Details (4)

GHSA
GHSA-vfch-2fr8-r5c2: A flaw was found in glibc (2022-08-25)
CVEList
CVE-2021-3999: A flaw was found in glibc (2022-08-24)
OSV
CVE-2021-3999: A flaw was found in glibc (2022-08-24)
OSV
glibc vulnerabilities (2022-03-07)

📋 Vendor Advisories (6)

Ubuntu
GNU C Library vulnerabilities (2024-05-02)
Microsoft
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input bu (2022-08-09)
Ubuntu
GNU C Library vulnerabilities (2022-03-07)
Ubuntu
GNU C Library vulnerabilities (2022-03-01)
Red Hat
glibc: Off-by-one buffer overflow/underflow in getcwd() (2022-01-11)
CVE-2021-3999 (HIGH CVSS 7.8) | A flaw was found in glibc | cvebase.io