CVE-2021-37600 - log

CVE-2021-37600 edited at 22 Aug 2021 10:46:01
Description
- An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
+ An integer overflow in util-linux before 2.37.2 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
References
https://github.com/karelzak/util-linux/issues/1395
- https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
+ https://github.com/karelzak/util-linux/commit/86d5de52d43501711586054e7b601fbc57403085
CVE-2021-37600 edited at 28 Jul 2021 18:36:50
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
References
+ https://github.com/karelzak/util-linux/issues/1395
+ https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
Notes
CVE-2021-37600 created at 28 Jul 2021 18:35:24