CVE-2021-33574 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Low
Remote	No
Type	Arbitrary code execution
Description	The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact. NOTE: Applying commits 42d359350510506b87101cf77202fefcbfc790cb and 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 fixes CVE-2021-33574, but opens up another issue CVE-2021-38604.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1621	glibc	2.33-5	2.34-1	High	Fixed

References
https://sourceware.org/bugzilla/show_bug.cgi?id=27896 https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091

References

https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=42d359350510506b87101cf77202fefcbfc790cb
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=217b6dc298156bdb0d6aea9ea93e7e394a5ff091