Your submission was sent successfully! Close

CVE-2021-27645

Published: 24 February 2021

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Priority

Low

CVSS 3 base score: 2.5

Status

Package Release Status
eglibc
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

groovy Does not exist

hirsute Does not exist

impish Does not exist

jammy Does not exist

precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream Needs triage

xenial Does not exist

glibc
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (2.31-0ubuntu9.7)
groovy Ignored
(reached end-of-life)
hirsute Not vulnerable
(2.33-0ubuntu5)
impish Not vulnerable
(2.33-0ubuntu5)
jammy Not vulnerable
(2.33-0ubuntu5)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Needs triage

Patches:
upstream: https://sourceware.org/git/?p=glibc.git;a=commit;h=dca565886b5e8bd7966e15f0ca42ee5cff686673

Notes

AuthorNote
mdeslaur
introduced in 2.29 by:
https://sourceware.org/git/?p=glibc.git;a=commit;h=745664bd798ec8fd50438605948eea594179fba1
introduced in 2.28-1 debian packaging by:
https://salsa.debian.org/glibc-team/glibc/-/commit/aea56157b456d4d9bef337d0149e952a41a7d919

References

Bugs