CVE-2021-3999

7.8HIGH

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input bu

Published: 8/24/2022Updated: 12/2/2025
View on NVDView on MITRE

Description

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

AI AnalysisPowered by AI

Affected Products

gnuglibc
debiandebian_linux
10.0
debiandebian_linux
11.0
debiandebian_linux
10.0
netappe-series_performance_analyzer
-
netappnfs_plug-in
netappontap_select_deploy_administration_utility
-
netapph300s_firmware
-
netapph300s
-
netapph500s_firmware
-
netapph500s
-
netapph700s_firmware
-
netapph700s
-
netapph410s_firmware
-
netapph410s
-
netapph410c_firmware
-
netapph410c
-

References