Vulnerability CVE-2021-33574: Information

Description

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-33574
Published: May 26, 2021
Modified: Nov. 7, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
glibcsisyphus2.32-alt32.38.0.66.ge1135387de-alt1ALT-PU-2021-2137-1276954Fixed
glibcsisyphus_e2k2.35.0.234.3f63f9dfe1-alt1.E2K.27.020.22.35.0.234.3f63f9dfe1-alt1.E2K.27.020.4ALT-PU-2024-1492-1-Fixed
glibcsisyphus_riscv642.34.0.39.024a7-alt1.rv642.38.0.44.d37c2b20a4-alt1ALT-PU-2021-4728-1-Fixed
glibcp102.32-alt32.32-alt5.p10.2ALT-PU-2021-2137-1276954Fixed
glibcc10f12.32-alt32.32-alt5.p10.2ALT-PU-2021-2137-1276954Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1
  • Issue Tracking
https://security.netapp.com/advisory/ntap-20210629-0005/
  • Third Party Advisory
GLSA-202107-07
  • Third Party Advisory
[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update
  • Mailing List
  • Third Party Advisory
FEDORA-2021-7ddb8b0537
    FEDORA-2021-f29b4643c7

        1. Configuration 1

          cpe:2.3:a:gnu:glibc:2.33:*:*:*:*:*:*:*
          cpe:2.3:a:gnu:glibc:2.32:*:*:*:*:*:*:*

          Configuration 2

          cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
          cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

          Configuration 3

          cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
          cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*
          Start including
          11.0
          End including
          11.70.1
          cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*

          Configuration 4

          cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

          Configuration 5

          cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

          Configuration 6

          cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

          Configuration 7

          cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

          Configuration 8

          cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

          Configuration 9

          cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

          Configuration 10

          cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
          Running on/with:
          cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

          Configuration 11

          cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.4.2
      Back to top