Vulnerability Details : CVE-2021-42341
Potential exploit
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-42341
- cpe:2.3:a:openrc_project:openrc:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-42341
1.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-42341
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
References for CVE-2021-42341
-
https://github.com/OpenRC/openrc/issues/459
checkpath -- free(): invalid pointer · Issue #459 · OpenRC/openrc · GitHubExploit;Patch;Third Party Advisory
-
https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
checkpath: fix allocation size of path buffer · OpenRC/openrc@bb83341 · GitHubPatch;Third Party Advisory
-
https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae
checkpath: remove extra slashes from paths · OpenRC/openrc@63db2d9 · GitHubPatch;Third Party Advisory
-
https://github.com/OpenRC/openrc/issues/418
/lib/rc/bin/checkpath is broken in most recent release · Issue #418 · OpenRC/openrc · GitHubExploit;Patch;Third Party Advisory
-
https://github.com/OpenRC/openrc/pull/462
checkpath: fix allocation size of string buffer by thesamesam · Pull Request #462 · OpenRC/openrc · GitHubPatch;Third Party Advisory
-
https://bugs.gentoo.org/816900
816900 – sys-apps/openrc: checkpath exits with 'free(): invalid pointer' when launching www-apps/grafana-bin with init scriptsExploit;Patch;Third Party Advisory
Jump to