First published: Wed Jul 28 2021
** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Kernel Util-linux | <=2.37.1 | |
NetApp ONTAP Select Deploy administration utility | | |
The vulnerability ID is CVE-2021-37600.
The severity of CVE-2021-37600 is medium (5.5).
The affected software is util-linux through 2.37.1 and NetApp ONTAP Select Deploy administration utility.
There is currently no known fix for CVE-2021-37600. Please follow the official references for any updates or patches.
The references for CVE-2021-37600 are: [GitHub commit](https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c), [GitHub issue](https://github.com/karelzak/util-linux/issues/1395), [NetApp security advisory](https://security.netapp.com/advisory/ntap-20210902-0002/).