QwikSec

Security Database

CVE

CWE

Training

CVE-2021-3999

Published: Aug 24, 2022

Modified: Dec 2, 2025

PUBLISHED

Description

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

Vendor	Product	Versions
n/a	glibc	affected `Fixed in glibc v2.31 and above.`

Weaknesses (CWE)

References

https://www.openwall.com/lists/oss-security/2022/01/24/4

https://sourceware.org/bugzilla/show_bug.cgi?id=28769

https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e

https://bugzilla.redhat.com/show_bug.cgi?id=2024637

https://access.redhat.com/security/cve/CVE-2021-3999

https://security-tracker.debian.org/tracker/CVE-2021-3999

[debian-lts-announce] 20221017 [SECURITY] [DLA 3152-1] glibc security update

mailing-list

https://security.netapp.com/advisory/ntap-20221104-0001/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.