In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
References
Link | Resource |
---|---|
https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc | Exploit Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/ | |
https://security.gentoo.org/glsa/202208-24 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20210909-0005/ | Third Party Advisory |
https://sourceware.org/bugzilla/show_bug.cgi?id=28213 | Issue Tracking Patch Third Party Advisory |
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=4cc79c217744743077bf7a0ec5e0a4318f1e6641 | |
https://sourceware.org/git/?p=glibc.git%3Ba=commit%3Bh=b805aebd42364fe696e417808a700fdb9800c9e8 | |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
07 Nov 2023, 03:37
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Sep 2022, 20:03
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:5.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.3:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_operations_monitor:4.4:*:*:*:*:*:*:* |
|
First Time | Oracle enterprise Operations Monitor; Oracle communications Cloud Native Core Network Function Cloud Native Environment; Oracle communications Cloud Native Core Network Repository Function; Oracle communications Cloud Native Core Security Edge Protection Proxy; Oracle communications Cloud Native Core Binding Support Function; Oracle; Oracle communications Cloud Native Core Unified Data Repository | |
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-24 - Third Party Advisory |
15 Aug 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Oct 2021, 19:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/ - Mailing List, Third Party Advisory |
29 Sep 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Sep 2021, 13:10
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20210909-0005/ - Third Party Advisory |
09 Sep 2021, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Aug 2021, 12:13
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-476 | |
CVSS | v2 : v3 : | v2 : 5.0, v3 : 7.5 |
CPE | cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* | |
References |
|
|
References | (MISC) https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8 - Mailing List, Patch, Third Party Advisory | |
References | (MISC) https://sourceware.org/bugzilla/show_bug.cgi?id=28213 - Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641 - Mailing List, Patch, Third Party Advisory |
12 Aug 2021, 16:53
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-12 16:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-38604
Mitre link : CVE-2021-38604
CVE.ORG link : CVE-2021-38604
Products Affected
oracle
- communications_cloud_native_core_binding_support_function
- communications_cloud_native_core_security_edge_protection_proxy
- enterprise_operations_monitor
- communications_cloud_native_core_unified_data_repository
- communications_cloud_native_core_network_function_cloud_native_environment
- communications_cloud_native_core_network_repository_function
gnu
- glibc
fedoraproject
- fedora
CWE
CWE-476
NULL Pointer Dereference