CVE-2021-35942

Summary

CVE	CVE-2021-35942
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-07-22 18:15:00 UTC
Updated	2023-11-07 03:36:00 UTC
Description	The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Gnu	Glibc	All	All	All	All
Application	Gnu	Glibc	All	All	All	All
Application	Netapp	Active Iq Unified Manager	-	All	All	All
Application	Netapp	E-series Santricity Os Controller	All	All	All	All
Application	Netapp	Hci Management Node	-	All	All	All
Application	Netapp	Ontap Select Deploy Administration Utility	-	All	All	All
Application	Netapp	Solidfire	-	All	All	All

References

Reference	Source	Link	Tags
Security Exceptions - glibc wiki	MISC	sourceware.org
sourceware.org Git - glibc.git/commit	CONFIRM	sourceware.org
sourceware.org Git - glibc.git/commit		sourceware.org
CVE-2021-35942 GNU C Library (glibc) Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
28011 – (CVE-2021-35942) Wild read in wordexp (parse_param) (CVE-2021-35942)	CONFIRM	sourceware.org
GNU C Library: Multiple Vulnerabilities (GLSA 202208-24) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 3152-1] glibc security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

159493 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-4358)
159561 Oracle Enterprise Linux Security Update for glibc (ELSA-2021-9560)
179862 Debian Security Update for glibc (CVE-2021-35942)
181138 Debian Security Update for glibc (DLA 3152-1)
198685 Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-5310-1)
239791 Red Hat Update for glibc security (RHSA-2021:4358)
281716 Fedora Security Update for glibc (FEDORA-2021-e14e86e40e)
281729 Fedora Security Update for glibc (FEDORA-2021-3f4132bb56)
352840 Amazon Linux Security Advisory for glibc: ALAS2-2021-1703
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
670703 EulerOS Security Update for glibc (EulerOS-SA-2021-2461)
670768 EulerOS Security Update for glibc (EulerOS-SA-2021-2526)
670792 EulerOS Security Update for glibc (EulerOS-SA-2021-2550)
670880 EulerOS Security Update for compat-glibc (EulerOS-SA-2021-2653)
671025 EulerOS Security Update for glibc (EulerOS-SA-2021-2660)
671239 EulerOS Security Update for compat-glibc (EulerOS-SA-2022-1158)
671255 EulerOS Security Update for glibc (EulerOS-SA-2022-1164)
710605 Gentoo Linux GNU C Library Multiple Vulnerabilities (GLSA 202208-24)
750897 SUSE Enterprise Linux Security Update for glibc (SUSE-SU-2021:2480-1)
751196 SUSE Enterprise Linux Security Update for glibc (SUSE-SU-2021:3289-1)
751200 OpenSUSE Security Update for glibc (openSUSE-SU-2021:3291-1)
751212 SUSE Enterprise Linux Security Update for glibc (SUSE-SU-2021:3385-1)
751242 OpenSUSE Security Update for glibc (openSUSE-SU-2021:1374-1)
900060 CBL-Mariner Linux Security Update for glibc 2.28
903139 Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (4820)
940330 AlmaLinux Security Update for glibc (ALSA-2021:4358)
960043 Rocky Linux Security Update for glibc (RLSA-2021:4358)