CVE-2021-3998

Опубликовано: 24 авг. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

Ссылки

https://access.redhat.com/security/cve/CVE-2021-3998
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024633
Issue Tracking
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-3998
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221020-0003/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28770
Issue Tracking
Patch
Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
https://www.openwall.com/lists/oss-security/2022/01/24/4
Mailing List
Patch
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2021-3998
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024633
Issue Tracking
Patch
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021-3998
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221020-0003/
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28770
Issue Tracking
Patch
Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
https://www.openwall.com/lists/oss-security/2022/01/24/4
Mailing List
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Версия от 2.33 (включая) до 2.35 (исключая)

Конфигурация 2

cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00092

Низкий

7.5 High

CVSS3

Дефекты

CWE-125

CWE-252

Связанные уязвимости

CVE-2021-3998

CVSS3: 7.5

ubuntu

почти 3 года назад

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3998

CVSS3: 7.5

redhat

больше 3 лет назад

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

CVE-2021-3998

CVSS3: 7.5

msrc

почти 3 года назад

Описание отсутствует

CVE-2021-3998

CVSS3: 7.5

debian

почти 3 года назад

A flaw was found in glibc. The realpath() function can mistakenly retu ...

GHSA-32pr-wg5j-9rwr

CVSS3: 7.5

github

почти 3 года назад

A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.

EPSS

Процентиль: 27%

0.00092

Низкий

7.5 High

CVSS3

Дефекты

CWE-125

CWE-252