7.5

CVE-2021-3998

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version >= 2.33 < 2.35
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.44% 0.699
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

https://access.redhat.com/security/cve/CVE-2021-3998
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024633
Patch
Third Party Advisory
Issue Tracking
https://security-tracker.debian.org/tracker/CVE-2021-3998
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221020-0003/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28770
Patch
Third Party Advisory
Issue Tracking
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
https://www.openwall.com/lists/oss-security/2022/01/24/4
Patch
Third Party Advisory
Mailing List