Vulnerabilities > CVE-2021-27645 - Double Free vulnerability in multiple products

CVSS 2.5 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

local

high complexity

NVD

Published: 2021-02-24

Updated: 2023-11-07

Summary

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU Glibc 2.29 GNU Glibc 2.30 GNU Glibc 2.31 GNU Glibc 2.32 GNU Glibc 2.32.0 GNU Glibc 2.33	7
OS	Fedoraproject Fedoraproject Fedora 33 Fedoraproject Fedora 34	2
OS	Debian Debian Debian Linux 10.0	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://sourceware.org/bugzilla/show_bug.cgi?id=27462
https://security.gentoo.org/glsa/202107-07
https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I7TS26LIZSOBLGJEZMJX4PXT5BQDE2WS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7LZNT6KTMCCWPWXEOGSHD3YLYZKUGMH5/