CVE-2021-42341

Description

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

Related CPE's

a openrc_project openrc ********

References

https://github.com/OpenRC/openrc/issues/459

ExploitPatchThird Party Advisory

https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204

PatchThird Party Advisory

https://bugs.gentoo.org/816900

ExploitPatchThird Party Advisory

https://github.com/OpenRC/openrc/pull/462

PatchThird Party Advisory

https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae

PatchThird Party Advisory

https://github.com/OpenRC/openrc/issues/418

ExploitPatchThird Party Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	NONE
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	HIGH
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	7.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	NONE
AvailabilityImpact	PARTIAL
IntegrityImpact	NONE
BaseScore	5
VectorString	AV:N/AC:L/Au:N/C:N/I:N/A:P
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io