checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-14T05:01:07
Updated: 2024-08-04T03:30:38.250Z
Reserved: 2021-10-14T00:00:00
Link: CVE-2021-42341
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-14T05:15:07.787
Modified: 2021-10-20T19:03:41.107
Link: CVE-2021-42341
Redhat
No data.