Vulnerability Details : CVE-2021-35942

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Vulnerability category: OverflowDenial of service

Published 2021-07-22 18:15:23

Updated 2022-11-08 13:29:50

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-35942

Probability of exploitation activity in the next 30 days: 0.97%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 82 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-35942

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	nvd@nist.gov
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2021-35942

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-35942

https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c

sourceware.org Git - glibc.git/commit
Mailing List;Patch;Third Party Advisory
https://security.netapp.com/advisory/ntap-20210827-0005/

CVE-2021-35942 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://sourceware.org/glibc/wiki/Security%20Exceptions

Security Exceptions - glibc wiki
Vendor Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28011

28011 – (CVE-2021-35942) Wild read in wordexp (parse_param) (CVE-2021-35942)
Issue Tracking;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html

[SECURITY] [DLA 3152-1] glibc security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202208-24

GNU C Library: Multiple Vulnerabilities (GLSA 202208-24) — Gentoo security
Third Party Advisory

CVEs referencing this url

Products affected by CVE-2021-35942

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
GNU » Glibc
Versions before (<) 2.32
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
Matching versions
Netapp » Ontap Select Deploy Administration Utility » Version: N/A
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Matching versions
Netapp » E-series Santricity Os Controller
Versions from including (>=) 11.0 and up to, including, (<=) 11.70.1
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
Matching versions
Netapp » Hci Management Node » Version: N/A
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
Matching versions
Netapp » Solidfire » Version: N/A
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions