CVE-2021-42341 - OpenCVE

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openrc Project	Openrc

Configuration 1 [-]

cpe:2.3:a:openrc_project:openrc:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://bugs.gentoo.org/816900
https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae
https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
https://github.com/OpenRC/openrc/issues/418
https://github.com/OpenRC/openrc/issues/459
https://github.com/OpenRC/openrc/pull/462

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-10-14T05:01:07

Updated: 2024-08-04T03:30:38.250Z

Reserved: 2021-10-14T00:00:00

Link: CVE-2021-42341

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-14T05:15:07.787

Modified: 2021-10-20T19:03:41.107

Link: CVE-2021-42341

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T16:48:48", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenRC/openrc/issues/459"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenRC/openrc/pull/462"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/816900"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenRC/openrc/issues/418"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-42341", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204", "refsource": "MISC", "url": "https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204"}, {"name": "https://github.com/OpenRC/openrc/issues/459", "refsource": "MISC", "url": "https://github.com/OpenRC/openrc/issues/459"}, {"name": "https://github.com/OpenRC/openrc/pull/462", "refsource": "MISC", "url": "https://github.com/OpenRC/openrc/pull/462"}, {"name": "https://bugs.gentoo.org/816900", "refsource": "MISC", "url": "https://bugs.gentoo.org/816900"}, {"name": "https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae", "refsource": "MISC", "url": "https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae"}, {"name": "https://github.com/OpenRC/openrc/issues/418", "refsource": "MISC", "url": "https://github.com/OpenRC/openrc/issues/418"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:30:38.250Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenRC/openrc/issues/459"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenRC/openrc/pull/462"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/816900"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenRC/openrc/issues/418"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-42341", "datePublished": "2021-10-14T05:01:07", "dateReserved": "2021-10-14T00:00:00", "dateUpdated": "2024-08-04T03:30:38.250Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openrc_project:openrc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E580D8E0-D048-44A9-A0CF-BE5EF3147AEF", "versionEndExcluding": "0.44.7", "versionStartIncluding": "0.44.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development."}, {"lang": "es", "value": "checkpath en OpenRC versiones anteriores a 0.44.7, usa la salida directa de la funci\u00f3n strlen() para asignar cadenas, que no tiene en cuenta el byte \"\\0\" al final de la cadena. Esto resulta en una corrupci\u00f3n de memoria"}], "id": "CVE-2021-42341", "lastModified": "2021-10-20T19:03:41.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-10-14T05:15:07.787", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://bugs.gentoo.org/816900"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/OpenRC/openrc/issues/418"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://github.com/OpenRC/openrc/issues/459"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenRC/openrc/pull/462"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}