First published: Thu Nov 18 2021
A flaw was found in glibc. The realpath function may sometimes return an unexpected value, potentially leading to disclosure of sensitive data.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU glibc | >=2.33, <2.35 | |
NetApp ONTAP Select Deploy administration utility | | |
NetApp H300s Firmware | | |
NetApp H300s | | |
NetApp H500s Firmware | | |
NetApp H500s | | |
NetApp H700s Firmware | | |
NetApp H700s | | |
NetApp H410s Firmware | | |
NetApp H410s | | |
NetApp H410c Firmware | | |
NetApp H410c | | |
debian/glibc | 2.31-13+deb11u11, 2.31-13+deb11u10, 2.36-9+deb12u9, 2.36-9+deb12u7, 2.40-4 | |
CVE-2021-3998 is a vulnerability in glibc that allows the realpath() function to return unexpected values, potentially leading to information leakage and disclosure of sensitive data.
CVE-2021-3998 has a severity rating of 7.5 out of 10, indicating a high severity.
CVE-2021-3998 affects GNU glibc, NetApp ONTAP Select Deploy administration utility, Apple macOS Ventura, Apple macOS Big Sur, Apple macOS Monterey, and NetApp H410c Firmware.
To fix CVE-2021-3998, update the affected software to the latest version provided by the respective vendors.
You can find more information about CVE-2021-3998 in the references provided: [Reference 1](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2039674), [Reference 2](https://sourceware.org/bugzilla/show_bug.cgi?id=28770), [Reference 3](https://patchwork.sourceware.org/project/glibc/patch/20220113055920.3155918-1-siddhesh@sourceware.org/).