Vulnerability Description
An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kernel | Util-Linux | <= 2.37.1 |
| Netapp | Ontap Select Deploy Administration Utility | - |
Related Weaknesses (CWE)
References
- https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916PatchThird Party Advisory
- https://github.com/karelzak/util-linux/issues/1395ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
- https://security.gentoo.org/glsa/202401-08
- https://security.netapp.com/advisory/ntap-20210902-0002/Third Party Advisory
- https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916PatchThird Party Advisory
- https://github.com/karelzak/util-linux/issues/1395ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html
- https://security.gentoo.org/glsa/202401-08
- https://security.netapp.com/advisory/ntap-20210902-0002/Third Party Advisory
FAQ
What is CVE-2021-37600?
CVE-2021-37600 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem...
How severe is CVE-2021-37600?
CVE-2021-37600 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37600?
Check the references section above for vendor advisories and patch information. Affected products include: Kernel Util-Linux, Netapp Ontap Select Deploy Administration Utility.