Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.5
CVSSv3

CVE-2021-3998

Published: 24/08/2022 Updated: 12/02/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

It exists that the GNU C Library nscd daemon incorrectly handled certain netgroup lookups. An attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-27645)

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

netapp ontap select deploy administration utility -

netapp h300s firmware -

netapp h500s firmware -

netapp h700s firmware -

netapp h410s firmware -

netapp h410c firmware -

Vendor Advisories

Ubuntu Security Notice: USN-5310-1: GNU C Library vulnerabilities
Several security issues were fixed in GNU C Library ...
Arch Linux Issues:
A flaw was found in glibc The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Mailing Lists

Full Disclosure: Re: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()
Hello Can someone clarify CVE-2021-44730 dependency on hardlinking? This passage: Why it isn't possible to copy the snap-confine binary into a directory for the same effect -- instead of hardlinking it? I cannot see how hardlink is different from a simple copy in this context Thanks! Feb 17, 2022, 19:47 by qsa () qualys com: ...
Full Disclosure: CVE-2021-44731: Race condition in snap-confine's setup_private_mount()
Qualys Security Advisory Oh Snap! More Lemmings (Local Privilege Escalation in snap-confine) ======================================================================== Contents ======================================================================== Summary Two minor bugs An unexploitable bug CVE-2021-44730: Hardlink attack in snap-confine's sc_o ...
Full Disclosure: CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd()
Hi all, We discovered two vulnerabilities in the glibc, CVE-2021-3998 in realpath() and CVE-2021-3999 in getcwd() Patches are now available at (many thanks to Siddhesh Poyarekar and Red Hat Product Security): sourcewareorg/git/gitwebcgi?p=glibcgit;h=ee8d5e33adb284601c00c94687bc907e10aec9bb sourcewareorg/git/gitwebcgi?p=glibc ...

References

CWE-125https://www.openwall.com/lists/oss-security/2022/01/24/4https://access.redhat.com/security/cve/CVE-2021-3998https://sourceware.org/bugzilla/show_bug.cgi?id=28770https://security-tracker.debian.org/tracker/CVE-2021-3998https://bugzilla.redhat.com/show_bug.cgi?id=2024633https://security.netapp.com/advisory/ntap-20221020-0003/https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bbhttps://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03https://nvd.nist.govhttps://ubuntu.com/security/notices/USN-5310-1https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRFserver-side request forgeryCVE-2024-30067CVE-2024-5553CVE-2024-30095IDORCVE-2024-35252CVE-2024-23692CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook