{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-35942", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T00:40:47.554Z", "dateReserved": "2021-06-29T00:00:00", "datePublished": "2021-07-22T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://sourceware.org/glibc/wiki/Security%20Exceptions"}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28011"}, {"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c"}, {"url": "https://security.netapp.com/advisory/ntap-20210827-0005/"}, {"name": "GLSA-202208-24", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:40:47.554Z"}, "title": "CVE Program Container", "references": [{"url": "https://sourceware.org/glibc/wiki/Security%20Exceptions", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28011", "tags": ["x_transferred"]}, {"url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20210827-0005/", "tags": ["x_transferred"]}, {"name": "GLSA-202208-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"name": "[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*", "matchCriteriaId": "5980E6E8-3F3B-4A37-8F70-D0BC09008230", "versionEndExcluding": "2.32", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98", "versionEndIncluding": "11.70.1", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations."}, {"lang": "es", "value": "La funci\u00f3n wordexp de la biblioteca GNU C (tambi\u00e9n se conoce como glibc) versiones hasta 2.33, puede bloquearse o leer memoria arbitraria en la funci\u00f3n parse_param (en el archivo posix/wordexp.c) cuando se llama con un patr\u00f3n dise\u00f1ado que no es confiable, resultando en una denegaci\u00f3n de servicio o divulgaci\u00f3n de informaci\u00f3n. Esto ocurre porque atoi fue usado pero deber\u00eda haber sido usado strtoul para asegurar c\u00e1lculos correctos"}], "id": "CVE-2021-35942", "lastModified": "2023-11-07T03:36:39.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-22T18:15:23.287", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-24"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210827-0005/"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=28011"}, {"source": "cve@mitre.org", "url": "https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=5adda61f62b77384718b4c0d8336ade8f2b4b35c"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://sourceware.org/glibc/wiki/Security%20Exceptions"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:4358", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "glibc-0:2.28-164.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}, {"advisory": "RHSA-2021:4358", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "glibc-0:2.28-164.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-09T00:00:00Z"}], "bugzilla": {"description": "glibc: Arbitrary read in wordexp()", "id": "1977975", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977975"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.", "An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input."], "mitigation": {"lang": "en:us", "value": "Do not use untrusted regular expression input for the wordexp() function."}, "name": "CVE-2021-35942", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "compat-glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "glibc", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-06-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-35942\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-35942"], "statement": "This is an integer overflow flaw in wordexp(), caused by a specially crafted untrusted regular expression input. It can result in arbitrary memory read. The upstream glibc project generally does not consider bugs due to untrusted inputs as security issues, but this is an exception since it invokes undefined behaviour in glibc. In general, use of untrusted regular expression input is strongly discouraged. This flaw has been rated as having a security impact of Moderate as no application shipped with Red Hat Enterprise Linux passes untrusted data to wordexp() by default.", "threat_severity": "Moderate", "upstream_fix": "glibc 2.34"}