PT-2021-5558 · Gnu+7 · Glibc+7

Florian Weimer · Published 2021-05-21 · Updated 2025-05-30 · CVE-2021-33574

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: glibc versions 2.32 and 2.33

Description: The mq_notify function in the GNU C Library has a use-after-free. The function may use the notification thread attributes object, passed through its struct sigevent parameter, after the caller has freed it. Exploitation of this issue may allow a remote attacker to cause a denial of service (application crash) or possibly have other unspecified impact.

Recommendations: For glibc versions 2.32 and 2.33, consider disabling the mq_notify function as a temporary workaround until a patch is available. Restrict access to the mq_notify function to minimize the risk of exploitation. Avoid using the struct sigevent parameter in the affected mq_notify function until the issue is resolved.

Exploit · Fix · DoS · Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2021:4358
ALT-PU-2021-2137
ALT-PU-2021-3034
BDU:2021-06408
CESA-2021_4358
CVE-2021-33574
DLA-3152-1
MGASA-2021-0308
OESA-2021-1239
OPENSUSE-SU-2021:1374-1
OPENSUSE-SU-2021:3291-1
OPENSUSE-SU-2021_1374-1
OPENSUSE-SU-2021_3291-1
OPENSUSE-SU-2024:10792-1
RHSA-2021:4358
RHSA-2021_4358
RLSA-2021:4358
SUSE-SU-2021:14822-1
SUSE-SU-2021:3289-1
SUSE-SU-2021:3290-1
SUSE-SU-2021:3291-1
SUSE-SU-2021:3385-1
SUSE-SU-2021_14822-1
SUSE-SU-2021_3289-1
SUSE-SU-2021_3290-1
SUSE-SU-2021_3291-1
SUSE-SU-2021_3385-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Red Hat
Rocky Linux
SUSE
glibc