VDB
DEBIAN-CVE-2021-3999
DEBIAN-CVE-2021-3999
PUBLISHED
CVSS 7.800000190734863 HIGH
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.
Risk Scores
CVSS v3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | glibc | *, 2.31-13, 2.31-13+deb11u1 |
| Debian:12 | glibc | 0, 0, 0 |
| Debian:13 | glibc | 0, 0, 0 |
| Debian:14 | glibc | 0, 0, 0 |
Timeline
- Aug 24, 2022 CVE Published
- Apr 28, 2026 CVE Updated