7.5

CVE-2021-42341

Exploit

EPSS 1.55%
Veröffentlicht 14.10.2021 05:15:07
Zuletzt bearbeitet 21.11.2024 06:27:38
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openrc Project ≫ Openrc Version >= 0.44.0 < 0.44.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.55%	0.808

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://bugs.gentoo.org/816900

Patch

Third Party Advisory

Exploit

https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae

Patch

Third Party Advisory

https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204

Patch

Third Party Advisory

https://github.com/OpenRC/openrc/issues/418

Patch

Third Party Advisory

Exploit

https://github.com/OpenRC/openrc/issues/459

Patch

Third Party Advisory

Exploit

https://github.com/OpenRC/openrc/pull/462

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-42341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-42341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-42341

EUVD