Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2021-42341

Published: Oct 14, 2021 | Modified: Oct 20, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2021-42341
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the 0 byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

Affected Software

Name Vendor Start Version End Version
Openrc Openrc_project 0.44.0 (including) 0.44.7 (excluding)
Openrc Ubuntu trusty *
Openrc Ubuntu xenial *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use