CVE-2021-33574 log

Severity Low
Remote No
Type Arbitrary code execution
The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

NOTE: Applying commits 42d359350510506b87101cf77202fefcbfc790cb and 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 fixes CVE-2021-33574, but opens up another issue CVE-2021-38604.
Group Package Affected Fixed Severity Status Ticket
AVG-1621 glibc 2.33-5 2.34-1 High Fixed