CVE-2021-35942 - log

CVE-2021-35942 edited at 22 Jul 2021 20:58:32
Description
- An integer overflow flaw was found in glibc before 2.34 that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input.
+ The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
CVE-2021-35942 edited at 01 Jul 2021 10:19:30
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ An integer overflow flaw was found in glibc before 2.34 that may result in reading of arbitrary memory when wordexp is used with a specially crafted untrusted regular expression input.
References
+ https://sourceware.org/bugzilla/show_bug.cgi?id=28011
+ https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c
CVE-2021-35942 created at 01 Jul 2021 10:18:08
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes