5
CVSSv2

CVE-2021-38604

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: 5 | VMScore: 850 | EPSS: 0.00881 | KEV: Not Included
Published: 12/08/2021 Updated: 21/11/2024

Vulnerability Summary

In librt in the GNU C Library (aka glibc) up to and including 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu glibc

fedoraproject fedora 35

oracle communications cloud native core binding support function 22.1.3

oracle communications cloud native core network function cloud native environment 22.1.0

oracle communications cloud native core network repository function 22.1.2

oracle communications cloud native core network repository function 22.2.0

oracle communications cloud native core security edge protection proxy 22.1.1

oracle communications cloud native core unified data repository 22.2.0

oracle enterprise operations monitor 4.3

oracle enterprise operations monitor 4.4

oracle enterprise operations monitor 5.0

Vendor Advisories

In librt in the GNU C Library (aka glibc) through 234, sysdeps/unix/sysv/linux/mq_notifyc mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix (CVE-2021-38604) ...
In librt in the GNU C Library (aka glibc) through 234, sysdeps/unix/sysv/linux/mq_notifyc mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix ...
In librt in the GNU C Library (aka glibc) through 234, sysdeps/unix/sysv/linux/mq_notifyc mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix ...