CVE-2021-35942
22.07.2021, 18:15
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
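
An added example, not taken from the advisory or from glibc's source: a checked digit-string parser built on strtoul, the function the description says should have been used instead of atoi. The helper names, the sample argument array and the use of the parsed number as an array index are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not glibc code): parse a string of decimal digits as
   an index into an array of `count` entries. Returns 0 and stores the index
   on success, -1 if the text is not a plain number or is out of range.
   atoi offers none of these checks: it reports no errors, and its behaviour
   is undefined when the value does not fit in an int. */
int parse_index(const char *digits, size_t count, size_t *out)
{
    char *end;
    unsigned long n;

    /* strtoul accepts leading whitespace and a sign; require a digit first. */
    if (digits == NULL || digits[0] < '0' || digits[0] > '9')
        return -1;
    errno = 0;
    n = strtoul(digits, &end, 10);
    if (*end != '\0')        /* trailing non-digit characters */
        return -1;
    if (errno == ERANGE)     /* value did not fit in unsigned long */
        return -1;
    if (n >= count)          /* would index past the end of the array */
        return -1;
    *out = (size_t)n;
    return 0;
}

/* Constructed sample data: resolve an untrusted digit string to an argument. */
const char *lookup(const char *digits)
{
    static const char *const args[] = { "prog", "first", "second" };
    size_t idx;

    if (parse_index(digits, sizeof args / sizeof args[0], &idx) != 0)
        return NULL;         /* treat as unset instead of reading out of bounds */
    return args[idx];
}

int main(void)
{
    const char *tests[] = { "1", "3", "-1", "4294967295", "99999999999999999999" };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        const char *v = lookup(tests[i]);
        printf("%s -> %s\n", tests[i], v ? v : "(unset)");
    }
    return 0;
}
```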
Vendor | Product | Version |
---|---|---|
gnu | glibc | 𝑥 < 2.31 |
netapp | active_iq_unified_manager | - |
netapp | e-series_santricity_os_controller | 11.0 ≤ 𝑥 ≤ 11.70.1 |
netapp | hci_management_node | - |
netapp | ontap_select_deploy_administration_utility | - |
netapp | solidfire | - |
debian | debian_linux | 10.0 |
𝑥 = Vulnerable software versions

Debian Releases

Ubuntu Releases
Ubuntu Product |
---|
eglibc |
glibc |
References