Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-33574

Опубликовано: 25 мая 2021
Источник: debian

Описание

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
glibcfixed2.32-0experimental0experimentalpackage
glibcfixed2.32-1package
glibcfixed2.31-13+deb11u3bullseyepackage

Примечания

  • https://sourceware.org/bugzilla/show_bug.cgi?id=27896

  • https://sourceware.org/git/?p=glibc.git;a=commit;h=42d359350510506b87101cf77202fefcbfc790cb

  • https://sourceware.org/git/?p=glibc.git;a=commit;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091

  • When fixing this issue the fix needs to be applied such that CVE-2021-38604

  • is not opened, CVE-2021-38604 information:

  • https://sourceware.org/bugzilla/show_bug.cgi?id=28213

  • https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641

  • https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8

Связанные уязвимости

ubuntu логотип

CVE-2021-33574

CVSS3: 9.8
ubuntu
около 4 лет назад

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

redhat логотип

CVE-2021-33574

CVSS3: 5.9
redhat
около 4 лет назад

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

nvd логотип

CVE-2021-33574

CVSS3: 9.8
nvd
около 4 лет назад

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

msrc логотип

CVE-2021-33574

CVSS3: 9.8
msrc
около 4 лет назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2021:3290-1

suse-cvrf
больше 3 лет назад

Security update for glibc