CVE-2021-3998
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 24 Aug 2022, 00:00
Last modified:09 Jun 2025, 15:00
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.15% LOW
0% probability +0.02%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
24 Aug 2022, 00:00
Published
Vulnerability first disclosed
09 Jun 2025, 15:00
Last Modified
Vulnerability information updated
Description
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.15%• Percentile: 35%
Techniques & Countermeasures
- CWE-125•Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
- CWE-252•Unchecked Return Value
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Affected Systems
- gnu•glibc
≥ 2.33, < 2.35
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500s_firmware
na
- netapp•h700s_firmware
na
- netapp•ontap_select_deploy_administration_utility
na
References (8)
- https://www.openwall.com/lists/oss-security/2022/01/24/4
- https://sourceware.org/bugzilla/show_bug.cgi?id=28770
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb
- https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03
- https://bugzilla.redhat.com/show_bug.cgi?id=2024633
- https://access.redhat.com/security/cve/CVE-2021-3998
- https://security-tracker.debian.org/tracker/CVE-2021-3998
- https://security.netapp.com/advisory/ntap-20221020-0003/