PT-2022-2036 · Glibc+10 · Glibc+10

Siddhesh Poyarekar

Published

2020-12-17

Updated

2024-06-15

CVE-2021-3999

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions glibc (affected versions not specified)

Description A flaw was found in glibc, specifically an off-by-one buffer overflow and underflow in the getcwd() function, which may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-193

Related Identifiers

ALSA-2022:0896

ALT-PU-2020-3524

ALT-PU-2022-1201

BDU:2022-01635

CESA-2022_0896

CVE-2021-3999

DLA-3152-1

MGASA-2022-0052

OPENSUSE-SU-2022:0330-1

OPENSUSE-SU-2022_0330-1

OPENSUSE-SU-2024:11850-1

RHSA-2022:0896

RHSA-2022_0896

RLSA-2022:0896

SUSE-SU-2022:0330-1

SUSE-SU-2022:0441-1

SUSE-SU-2022:0832-1

SUSE-SU-2022:0909-1

SUSE-SU-2022:14923-1

SUSE-SU-2022_0330-1

SUSE-SU-2022_0441-1

SUSE-SU-2022_0909-1

SUSE-SU-2022_14923-1

USN-5310-1

USN-5310-2

USN-6762-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Glibc

PT-2022-2036 · Glibc+10 · Glibc+10

CVE-2021-3999

Weakness Enumeration

Related Identifiers

Affected Products

References · 105