TuxCare Team identifies CVE-2021-38604, a new vulnerability in glibc

The TuxCare Team is responsible for performing in-depth analyses of new CVEs. This is done for every new CVE that affects, directly or indirectly, the Linux ecosystem. We check whether the distributions we provide services for are affected. When a CVE does affect the supported distributions, the Team members roll up their sleeves and start digging into the code.

While performing this work on CVE-2021-33574, Nikita Popov, one of our Team members, identified a problem in upstream glibc. It turns out that it is possible to trigger a segmentation fault in a specific code path within the library. This can, in turn, cause the application using the library to crash, resulting in a Denial-of-Service issue.

