Home > Vulnerability Database > CVE-2021-42341

Mend.io Vulnerability Database

CVE-2021-42341

Date: October 14, 2021

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

Language: C

Severity Score

7.5

Related Resources (9)

Url: https://github.com/OpenRC/openrc/issues/418

Url: https://github.com/OpenRC/openrc/pull/462

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-42341

Url: https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204

Url: https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae

Url: https://bugs.gentoo.org/816900

Url: https://security.alpinelinux.org/vuln/CVE-2021-42341

Url: https://github.com/OpenRC/openrc/issues/459

Url: https://www.mend.io/vulnerability-database/CVE-2021-42341

Severity Score

7.5

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-42341

Date: October 14, 2021

Language: C

Severity Score

Related Resources (9)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?