cve/2021/CVE-2021-35942.md

### [CVE-2021-35942](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/WynSon/CVE-2021-35042
- https://github.com/Zh0ngS0n1337/CVE-2021-35042
- https://github.com/byteakp/OptiDock
- https://github.com/dispera/giant-squid
- https://github.com/madchap/opa-tests
- https://github.com/n3utr1n00/CVE-2021-35042
- https://github.com/nedenwalker/spring-boot-app-using-gradle
- https://github.com/nedenwalker/spring-boot-app-with-log4j-vuln
- https://github.com/ruzickap/cks-notes
- https://github.com/thegeeklab/audit-exporter
- https://github.com/zer0qs/CVE-2021-35042