Vulnerability CVE-2021-37600

Vulnerability Name:

CVE-2021-37600 (CCN-206484)

Assigned:

2021-07-27

Published:

2021-07-27

Updated:

2021-10-18

Summary:

** DISPUTED ** An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
Note: this is unexploitable in GNU C Library environments, and possibly in all realistic environments.

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

CWE-190

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2021-37600

Source: XF
Type: UNKNOWN
utillinux-cve202137600-dos(206484)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c

Source: CCN
Type: util-linux GIT Repository
Potential integer overflow in ipcutils.c #1395

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://github.com/karelzak/util-linux/issues/1395

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20210902-0002/

Source: CCN
Type: IBM Security Bulletin 6560126 (Sterling Connect:Direct for UNIX Certified Container)
IBM Sterling Connect:Direct for UNIX Certified Container is affected by multiple vulnerabilities in Red Hat Universal Base Image version 8.4-206.1626828523 and Binutils version 2.30-93

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2021-37600

Vulnerable Configuration:

Configuration 1:

cpe:/a:kernel:util-linux:*:*:*:*:*:*:*:* (Version <= 2.37.1)

Configuration 2:

cpe:/a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8061	P	python3-tools-3.6.15-150300.10.45.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7997	P	cargo-1.69.0-150400.24.15.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7576	P	libblkid-devel-2.37.4-150500.7.16 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:792	P	Security update for webkit2gtk3 (Important)	2022-10-01
oval:org.opensuse.security:def:95420	P	Security update for ldb, samba (Important)	2022-08-03
oval:org.opensuse.security:def:3693	P	libupsclient1-2.7.4-3.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3532	P	java-1_7_0-openjdk-1.7.0.231-43.27.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3511	P	grub2-2.02-12.15.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2995	P	libblkid-devel-2.37.2-150400.6.26 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94623	P	libaom3-3.2.0-150400.1.8 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94625	P	libblkid-devel-2.37.2-150400.6.26 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95162	P	uuidd-2.37.2-150400.6.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:127247	P	Security update for util-linux (Important)	2022-04-04
oval:org.opensuse.security:def:125684	P	Security update for util-linux (Important)	2022-04-04
oval:org.opensuse.security:def:126850	P	Security update for util-linux (Important)	2022-04-04
oval:org.opensuse.security:def:6205	P	Security update for apache2 (Important)	2022-03-21
oval:org.opensuse.security:def:111120	P	Security update for util-linux (Moderate)	2021-11-02
oval:org.opensuse.security:def:76029	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:102133	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:66961	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:117516	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:109434	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:5872	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:102768	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:118530	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:73722	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:64600	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:108002	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:69086	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:42133	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:101336	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:96078	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:108799	P	Security update for util-linux (Moderate)	2021-10-26
oval:org.opensuse.security:def:100666	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:99685	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:34567	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:61096	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:76362	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:102214	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:111753	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:67294	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:100001	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:35273	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:99150	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:73904	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:100337	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:26150	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:64782	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:5137	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:1638	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:99422	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:69150	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:60390	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:42229	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:31291	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:84224	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:57517	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:86671	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:31694	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:84683	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:58030	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:87488	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:23693	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:51681	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:32207	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:85755	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:58847	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:57114	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:33024	P	Security update for util-linux (Moderate)	2021-10-19
oval:org.opensuse.security:def:86158	P	Security update for util-linux (Moderate)	2021-10-19

BACK