[Debian] High CVE: CVE-2021-3999: glibc: An off-by-one buffer overflow and underflow
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Zhixiong Chi |
Bug Description
CVE-2021-3999: https:/
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Base Score: High
References:
https:/
['libc6_
CVE References
tags: | added: stx.9.0 stx.security |
Changed in starlingx: | |
importance: | Undecided → High |
status: | New → Triaged |
Changed in starlingx: | |
assignee: | nobody → Zhixiong Chi (zhixiongchi) |
status: | Triaged → In Progress |
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/886182
Review: https:/