Vulnerability Details : CVE-2021-3998
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Products affected by CVE-2021-3998
- cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-3998
0.18%: probability of exploitation activity in the next 30 days
~56%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-3998
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2021-3998
- The product reads data past the end, or before the beginning, of the intended buffer. Assigned by: secalert@redhat.com (Primary)
- The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. Assigned by: nvd@nist.gov (Secondary)
References for CVE-2021-3998
- https://sourceware.org/bugzilla/show_bug.cgi?id=28770
  28770 – (CVE-2021-3998) Unexpected return value from realpath() for too long results (CVE-2021-3998) [Issue Tracking; Patch; Third Party Advisory]
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
  sourceware.org Git
- https://www.openwall.com/lists/oss-security/2022/01/24/4
  oss-security - CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd() [Mailing List; Patch; Third Party Advisory]
- https://security.netapp.com/advisory/ntap-20221020-0003/
  CVE-2021-3998 GNU C Library (glibc) Vulnerability in NetApp Products | NetApp Product Security [Third Party Advisory]
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
  sourceware.org Git
- https://security-tracker.debian.org/tracker/CVE-2021-3998
  CVE-2021-3998 [Third Party Advisory]
- https://access.redhat.com/security/cve/CVE-2021-3998
  CVE-2021-3998 - Red Hat Customer Portal [Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=2024633
  2024633 – (CVE-2021-3998) CVE-2021-3998 glibc: Unexpected return value from realpath() could leak data based on the application [Issue Tracking; Patch; Third Party Advisory]