CVE-2021-42341 — HIGH (7.5)

Q: How severe is CVE-2021-42341?

CVE-2021-42341 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-42341?

Check the references section above for vendor advisories and patch information. Affected products include: Openrc Project Openrc.

Vulnerability Description

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openrc Project	Openrc	>= 0.44.0, < 0.44.7

References

https://bugs.gentoo.org/816900ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380caePatchThird Party Advisory
https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204PatchThird Party Advisory
https://github.com/OpenRC/openrc/issues/418ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/issues/459ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/pull/462PatchThird Party Advisory
https://bugs.gentoo.org/816900ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380caePatchThird Party Advisory
https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204PatchThird Party Advisory
https://github.com/OpenRC/openrc/issues/418ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/issues/459ExploitPatchThird Party Advisory
https://github.com/OpenRC/openrc/pull/462PatchThird Party Advisory

FAQ

What is CVE-2021-42341?

CVE-2021-42341 is a vulnerability with a CVSS score of 7.5 (HIGH). checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021...

How severe is CVE-2021-42341?

CVE-2021-42341 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-42341?

Check the references section above for vendor advisories and patch information. Affected products include: Openrc Project Openrc.