NULL Pointer Dereference Affecting glibc package, versions <0:2.26-57.amzn2
- Snyk ID SNYK-AMZN2-GLIBC-6098987
- published 5 Dec 2023
- disclosed 12 Aug 2021
Introduced: 12 Aug 2021
CVE-2021-38604
How to fix?
Upgrade Amazon-Linux:2 glibc to version 0:2.26-57.amzn2 or higher.
This issue was patched in ALAS2-2023-2371.
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Amazon-Linux. See How to fix? for Amazon-Linux:2 relevant fixed versions and status.
In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38604
- https://sourceware.org/git/?p=glibc.git;a=commit;h=4cc79c217744743077bf7a0ec5e0a4318f1e6641
- https://sourceware.org/git/?p=glibc.git;a=commit;h=b805aebd42364fe696e417808a700fdb9800c9e8
- https://sourceware.org/bugzilla/show_bug.cgi?id=28213
- https://blog.tuxcare.com/cve/tuxcare-team-identifies-cve-2021-38604-a-new-vulnerability-in-glibc
- https://security.netapp.com/advisory/ntap-20210909-0005/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GYEXYM37RCJWJ6B5KQUYQI4NZBDDYSXP/
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://security.gentoo.org/glsa/202208-24