CVE-2021-32773

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32773
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32773.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32773
Aliases
  • GHSA-cgrw-p7p7-937c
Related
Published
2021-07-20T00:15:08Z
Modified
2024-10-12T07:37:01.893597Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Racket is a general-purpose programming language and an ecosystem for language-oriented programming. In versions prior to 8.2, code evaluated using the Racket sandbox could cause system modules to incorrectly use attacker-created modules instead of their intended dependencies. This could allow system functions to be controlled by the attacker, giving access to facilities intended to be restricted. This problem is fixed in Racket version 8.2. A workaround is available, depending on system settings. For systems that provide arbitrary Racket evaluation, external sandboxing such as containers limit the impact of the problem. For multi-user evaluation systems, such as the handin-server system, it is not possible to work around this problem and upgrading is required.

References

Affected packages

Debian:11 / racket

Package

Name
racket
Purl
pkg:deb/debian/racket?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.9+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / racket

Package

Name
racket
Purl
pkg:deb/debian/racket?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.9+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / racket

Package

Name
racket
Purl
pkg:deb/debian/racket?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.9+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/racket/racket

Affected ranges

Type
GIT
Repo
https://github.com/racket/racket
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

old-v299.*

old-v299.200
old-v299.400

Other

old-v300
old-v351
old-v352
old-v360
old-v370
old-v371

v4.*

v4.0
v4.0.1
v4.1
v4.1.1

v5.*

v5.0.1