Double Free

Affecting glibc package, versions *

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Affected versions of this package are vulnerable to Double Free. The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Remediation

There is no fixed version for glibc.

References

CVSS Score

2.5
low severity
  • Attack Vector
    Local
  • Attack Complexity
    High
  • Privileges Required
    Low
  • User Interaction
    None
  • Scope
    Unchanged
  • Confidentiality
    None
  • Integrity
    None
  • Availability
    Low
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE
CVE-2021-27645
CWE
CWE-415
Snyk ID
SNYK-DEBIAN9-GLIBC-1078994
Disclosed
24 Feb, 2021
Published
25 Feb, 2021