ID CVE-2021-27645
Summary The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:glibc:2.29:*:*:*:*:*:x86:*
    cpe:2.3:a:gnu:glibc:2.29:*:*:*:*:*:x86:*
  • cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
    cpe:2.3:a:gnu:glibc:2.31:*:*:*:*:*:x64:*
  • cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.32.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
CVSS
Base: 1.9 (as of 25-03-2021 - 00:00)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:N/I:N/A:P
Last major update 25-03-2021 - 00:00
Published 24-02-2021 - 15:15
Last modified 25-03-2021 - 00:00
Back to Top