A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-03T17:16:03.318Z

Reserved: 2021-11-22T00:00:00

Link: CVE-2021-3999

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-08-24T16:15:09.077

Modified: 2024-11-21T06:23:20.937

Link: CVE-2021-3999

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-01-11T00:00:00Z

Links: CVE-2021-3999 - Bugzilla

cve-icon OpenCVE Enrichment

No data.