Vulnerabilities > CVE-2021-27645 - Double Free vulnerability in multiple products
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 | |
OS | 2 | |
OS | 1 |
Common Weakness Enumeration (CWE)
References
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
- https://security.gentoo.org/glsa/202107-07
- https://security.gentoo.org/glsa/202107-07
- https://sourceware.org/bugzilla/show_bug.cgi?id=27462
- https://sourceware.org/bugzilla/show_bug.cgi?id=27462