CVE-2021-35942

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Information

Published : 2021-07-22 18:15

Updated : 2021-09-21 18:16


NVD link : CVE-2021-35942

Mitre link : CVE-2021-35942


JSON object : View

Products Affected

netapp

  • ontap_select_deploy_administration_utility
  • hci_management_node
  • active_iq_unified_manager
  • e-series_santricity_os_controller
  • solidfire

gnu

  • glibc
CWE
CWE-190

Integer Overflow or Wraparound