CVE-2021-35942 -- glibc-sourceID: oval:org.secpod.oval:def:76009 | Date: (C)2021-11-15 (M)2023-11-16 |
Class: VULNERABILITY | Family: unix |
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Platform: |
Ubuntu 21.04 |
Ubuntu 20.04 |
Ubuntu 18.04 |