1. CVE-Search
  2. CVE-2021-33574
ID CVE-2021-33574
Summary The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.20:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.25:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.30.5r3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.3r2:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.40.5:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:-:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.50.2:p1:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.1:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.60.3:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:e-series_santricity_os_controller:11.70.1:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
    cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-11-2022 - 13:27)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
Last major update 08-11-2022 - 13:27
Published 25-05-2021 - 22:15
Last modified 08-11-2022 - 13:27
Back to Top