CVE-2021-3998 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADP	ADP	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Affected Products (NVD)

Vendor	Product	Version
gnu	glibc	2.33 ≤ 𝑥 < 2.35
netapp	ontap_select_deploy_administration_utility	-
netapp	h300s_firmware	-
netapp	h500s_firmware	-
netapp	h700s_firmware	-
netapp	h410s_firmware	-
netapp	h410c_firmware	-

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glibc

bookworm	2.36-9+deb12u8 fixed
bookworm (security)	2.36-9+deb12u7 fixed
bullseye	2.31-13+deb11u11 not-affected
bullseye (security)	2.31-13+deb11u10 fixed
buster	not-affected
sid	2.40-3 fixed
stretch	not-affected
trixie	2.40-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

eglibc

bionic	dne
focal	dne
hirsute	dne
impish	dne
jammy	dne
trusty	not-affected
xenial	dne

glibc

bionic	not-affected
focal	not-affected
hirsute	ignored
impish	Fixed 2.34-0ubuntu3.2 released
jammy	not-affected
xenial	not-affected

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.
CWE-252 - Unchecked Return Value
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

References

https://access.redhat.com/security/cve/CVE-2021-3998

https://bugzilla.redhat.com/show_bug.cgi?id=2024633

https://security-tracker.debian.org/tracker/CVE-2021-3998

https://security.netapp.com/advisory/ntap-20221020-0003/

https://sourceware.org/bugzilla/show_bug.cgi?id=28770

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb

https://www.openwall.com/lists/oss-security/2022/01/24/4

https://access.redhat.com/security/cve/CVE-2021-3998

https://bugzilla.redhat.com/show_bug.cgi?id=2024633

https://security-tracker.debian.org/tracker/CVE-2021-3998

https://security.netapp.com/advisory/ntap-20221020-0003/

https://sourceware.org/bugzilla/show_bug.cgi?id=28770

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb

https://www.openwall.com/lists/oss-security/2022/01/24/4