CVEFinder.io

CVE-2021-3999

⚠️ high
🔍 Scan for this CVE
Summary

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVSS Score
7.8
High
EPSS Score
1.0
Exploit Probability
Published Date
2022-08-24
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.6% of all 328,009 vulnerabilities in our database.

#99,625
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Dec 2, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-12-02
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-193

📦 Affected Products 11

Vendor Product Status Affected Versions
debian debian_linux Affected
v10.0
debian debian_linux Affected
v11.0
gnu glibc Affected
< 2.31
netapp ontap_select_deploy_administration_utility Affected
v-
netapp e-series_performance_analyzer Affected
v-
netapp h300s_firmware Affected
v-
netapp h410c_firmware Affected
v-
netapp h410s_firmware Affected
v-
netapp h500s_firmware Affected
v-
netapp h700s_firmware Affected
v-
netapp nfs_plug-in Affected All versions

🔗 References 8

https://access.redhat.com/security/cve/CVE-2021-3999
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2024637
Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/10...
Mailing List Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2021...
Third Party Advisory
https://security.netapp.com/advisory/ntap-20221104-0...
Third Party Advisory
https://sourceware.org/bugzilla/show_bug.cgi?id=28769
Issue Tracking Third Party Advisory
https://sourceware.org/git/gitweb.cgi?p=glibc.git%3B...
https://www.openwall.com/lists/oss-security/2022/01/...
Exploit Mailing List Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-49975 ⚠️ high 7.5 1.3 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service vi... 2026-06-08
CVE-2026-6238 🔶 medium 6.5 0.1 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to valida... 2026-04-28
CVE-2026-5435 ⚠️ high 7.3 0.1 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforc... 2026-04-28
CVE-2026-31431 ⚠️ high 7.8 2.2 In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-pla... 2026-04-22
CVE-2026-4046 ⚠️ high 7.5 0.0 The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when convertin... 2026-03-30
CVE-2026-4775 ⚠️ high 7.8 0.3 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the ... 2026-03-24
These CVEs affect the same products