Vulnerability details: VCID-duwt-xt4y-aaaj
Vulnerability ID VCID-duwt-xt4y-aaaj
Aliases CVE-2021-35942
Summary The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Status Published
Exploitability 0.5
Weighted Severity 8.2
Risk 4.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4358
cvssv3 9.1 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json
epss 0.01086 https://api.first.org/data/v1/epss?cve=CVE-2021-35942
epss 0.01204 https://api.first.org/data/v1/epss?cve=CVE-2021-35942
epss 0.01604 https://api.first.org/data/v1/epss?cve=CVE-2021-35942
epss 0.02007 https://api.first.org/data/v1/epss?cve=CVE-2021-35942
epss 0.09628 https://api.first.org/data/v1/epss?cve=CVE-2021-35942
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1977975
cvssv3.1 5.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-35942
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35942
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35942
archlinux High https://security.archlinux.org/AVG-1621
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json
https://api.first.org/data/v1/epss?cve=CVE-2021-35942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
https://security.gentoo.org/glsa/202208-24
https://security.netapp.com/advisory/ntap-20210827-0005/
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
https://sourceware.org/glibc/wiki/Security%20Exceptions
1977975 https://bugzilla.redhat.com/show_bug.cgi?id=1977975
990542 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990542
AVG-1621 https://security.archlinux.org/AVG-1621
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVE-2021-35942 https://nvd.nist.gov/vuln/detail/CVE-2021-35942
RHSA-2021:4358 https://access.redhat.com/errata/RHSA-2021:4358
USN-5310-1 https://usn.ubuntu.com/5310-1/
USN-5699-1 https://usn.ubuntu.com/5699-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35942.json
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-35942
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-35942
Exploit Prediction Scoring System (EPSS)
Percentile 0.84095
EPSS Score 0.01086
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.