CVE-2021-3998

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
gnuglibc
2.33 ≤
𝑥
< 2.35
netappontap_select_deploy_administration_utility
-
netapph300s_firmware
-
netapph500s_firmware
-
netapph700s_firmware
-
netapph410s_firmware
-
netapph410c_firmware
-
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
glibc
bookworm
2.36-9+deb12u8
fixed
bookworm (security)
2.36-9+deb12u7
fixed
bullseye
2.31-13+deb11u11
not-affected
bullseye (security)
2.31-13+deb11u10
fixed
buster
not-affected
sid
2.40-3
fixed
stretch
not-affected
trixie
2.40-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
eglibc
bionic
dne
focal
dne
hirsute
dne
impish
dne
jammy
dne
trusty
not-affected
xenial
dne
glibc
bionic
not-affected
focal
not-affected
hirsute
ignored
impish
Fixed 2.34-0ubuntu3.2
released
jammy
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
glibc
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-32bit
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-devel
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-devel-32bit
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-devel-static
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-extra
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-i18ndata
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-info
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-lang
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-locale
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-locale-base
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-locale-base-32bit
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-profile
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
glibc-utils
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
libnsl1
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
libnsl1-32bit
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
nscd
suse enterprise desktop 15 SP6
2.38-150600.12.1
fixed
suse enterprise desktop 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise sap 15 SP6
2.38-150600.12.1
fixed
suse enterprise sap 15 SP7
2.38-150600.14.29.1
fixed
suse enterprise server 15 SP6
2.38-150600.12.1
fixed
suse enterprise server 15 SP7
2.38-150600.14.29.1
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2021-3998
https://bugzilla.redhat.com/show_bug.cgi?id=2024633
https://security-tracker.debian.org/tracker/CVE-2021-3998
https://security.netapp.com/advisory/ntap-20221020-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=28770
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
https://www.openwall.com/lists/oss-security/2022/01/24/4
https://access.redhat.com/security/cve/CVE-2021-3998
https://bugzilla.redhat.com/show_bug.cgi?id=2024633
https://security-tracker.debian.org/tracker/CVE-2021-3998
https://security.netapp.com/advisory/ntap-20221020-0003/
https://sourceware.org/bugzilla/show_bug.cgi?id=28770
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
https://www.openwall.com/lists/oss-security/2022/01/24/4