mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
CVE-2021-35942
Description
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
POC
Reference
No PoCs from references.
Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/WynSon/CVE-2021-35042
- https://github.com/Zh0ngS0n1337/CVE-2021-35042
- https://github.com/byteakp/OptiDock
- https://github.com/dispera/giant-squid
- https://github.com/madchap/opa-tests
- https://github.com/n3utr1n00/CVE-2021-35042
- https://github.com/nedenwalker/spring-boot-app-using-gradle
- https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln
- https://github.com/ruzickap/cks-notes
- https://github.com/thegeeklab/audit-exporter
- https://github.com/zer0qs/CVE-2021-35042