// For flags

CVE-2021-38604

 

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.

En librt en la Biblioteca C de GNU (también se conoce como glibc) versiones hasta 2.34, el archivo sysdeps/unix/sysv/linux/mq_notify.c, maneja inapropiadamente determinados datos NOTIFY_REMOVED, conllevando una desreferencia de puntero NULL. NOTA: esta vulnerabilidad se introdujo como efecto secundario de la corrección de CVE-2021-33574

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-08-12 CVE Reserved
  • 2021-08-12 CVE Published
  • 2024-04-27 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
Glibc
Search vendor "Gnu" for product "Glibc"
<= 2.34
Search vendor "Gnu" for product "Glibc" and version " <= 2.34"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Binding Support Function
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function"
22.1.3
Search vendor "Oracle" for product "Communications Cloud Native Core Binding Support Function" and version "22.1.3"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Function Cloud Native Environment
Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment"
22.1.0
Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "22.1.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Repository Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"
22.1.2
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "22.1.2"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Network Repository Function
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function"
22.2.0
Search vendor "Oracle" for product "Communications Cloud Native Core Network Repository Function" and version "22.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Security Edge Protection Proxy
Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy"
22.1.1
Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "22.1.1"
-
Affected
Oracle
Search vendor "Oracle"
Communications Cloud Native Core Unified Data Repository
Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository"
22.2.0
Search vendor "Oracle" for product "Communications Cloud Native Core Unified Data Repository" and version "22.2.0"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Operations Monitor
Search vendor "Oracle" for product "Enterprise Operations Monitor"
4.3
Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "4.3"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Operations Monitor
Search vendor "Oracle" for product "Enterprise Operations Monitor"
4.4
Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "4.4"
-
Affected
Oracle
Search vendor "Oracle"
Enterprise Operations Monitor
Search vendor "Oracle" for product "Enterprise Operations Monitor"
5.0
Search vendor "Oracle" for product "Enterprise Operations Monitor" and version "5.0"
-
Affected