Description
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
An integer overflow flaw was found in glibc that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input.
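The description above attributes the flaw to atoi() being used in parse_param() where strtoul() belongs: atoi() reports no error and its result on an out-of-range string is undefined, so a crafted number in a pattern can become a wrapped index. The C code below is an added example, not glibc's own parse_param(), showing the strict unsigned parsing and bounds check that a fix of this class needs; parse_nonneg_strict and lookup_positional are hypothetical helper names.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical helper (not glibc code): parse a decimal numeric field from a
 * parameter expansion.  atoi() reports no errors and its result on an
 * out-of-range string is undefined, so a crafted number could wrap to a
 * negative or huge index.  strtoul() plus these checks reports overflow
 * instead.  Returns true and stores the value only if every character is a
 * digit and the value is <= max. */
bool parse_nonneg_strict(const char *s, size_t max, size_t *out)
{
    if (s == NULL || *s < '0' || *s > '9')
        return false;             /* empty, leading space or sign: reject */
    char *end;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno == ERANGE)          /* too large for unsigned long */
        return false;
    if (*end != '\0')             /* trailing non-digit characters */
        return false;
    if (v > max)                  /* outside the caller's valid range */
        return false;
    *out = (size_t)v;
    return true;
}

/* Hypothetical positional-parameter lookup: the parsed number is used as an
 * index only after it is proven to lie inside the array, so an oversized
 * value yields NULL rather than an out-of-bounds read. */
const char *lookup_positional(const char *const *params, size_t nparams,
                              const char *number)
{
    size_t idx;
    if (nparams == 0 || !parse_nonneg_strict(number, nparams - 1, &idx))
        return NULL;
    return params[idx];
}
```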
Statement
This is an integer overflow flaw in wordexp(), caused by a specially crafted untrusted regular expression input. It can result in arbitrary memory read. The upstream glibc project generally does not consider bugs due to untrusted inputs as security issues, but this is an exception since it invokes undefined behaviour in glibc. In general, use of untrusted regular expression input is strongly discouraged. This flaw has been rated as having a security impact of Moderate as no application shipped with Red Hat Enterprise Linux passes untrusted data to wordexp() by default.
Mitigation
Do not use untrusted regular expression input for the wordexp() function.
Affected packages
Platform | Package | State | Advisory | Release date |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | compat-glibc | Out of support scope | | |
Red Hat Enterprise Linux 6 | glibc | Out of support scope | | |
Red Hat Enterprise Linux 7 | compat-glibc | Out of support scope | | |
Red Hat Enterprise Linux 7 | glibc | Out of support scope | | |
Red Hat Enterprise Linux 9 | glibc | Not affected | | |
Red Hat Enterprise Linux 8 | glibc | Fixed | RHSA-2021:4358 | 09.11.2021 |
Additional information
CVSS3: 9.1 Critical
EPSS: not shown on this page