CVE-2021-42341
PUBLISHED
CVSS 7.5 HIGH
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the terminating '\0' byte of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was part of OpenRC 0.44.0 development.
EPSS 1.55% · 81.7th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.55%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| openrc_project | openrc | 0.44.0 |
Timeline
- Oct 14, 2021 EPSS Score
- Oct 14, 2021 CVE Published
- Dec 9, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 28, 2022 EPSS Score
- Jul 24, 2022 EPSS Score
- Sep 18, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://bugs.gentoo.org/816900
- https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
- https://github.com/OpenRC/openrc/issues/459
- https://github.com/OpenRC/openrc/pull/462
- https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae
- https://github.com/OpenRC/openrc/issues/418
- https://nvd.nist.gov/vuln/detail/CVE-2021-42341 (advisory)