CVE-2021-27645

The nameserver caching daemon (nscd) in the GNU C Library (aka glibc or libc6) 2.29 through 2.33, when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. This is related to netgroupcache.c.

Database specific

{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "33"
                }
            ]
        },
        {
            "cpe": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "34"
                }
            ]
        }
    ]
}

References

Affected packages

Git / sourceware.org/git/glibc.git

Affected ranges

Type

GIT

Repo

https://sourceware.org/git/glibc.git

Events

Introduced

56c86f5dd516284558e106d04b92875d5b623b7a

Last affected

9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3

Database specific

{
    "cpe": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.29"
        },
        {
            "last_affected": "2.33"
        }
    ]
}

Affected versions

Other

changelog-ends-here

glibc-2.*

glibc-2.29

glibc-2.29.9000

glibc-2.30

glibc-2.30.9000

glibc-2.31

glibc-2.31.9000

glibc-2.32

glibc-2.32.9000

glibc-2.33

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-27645.json"