Cyber Resilience

CVE-2021-35942

Severity: Critical

Published: 22 July 2021
Modified: 13 February 2026
KEV Added: not listed (not in the CISA KEV catalog)
CVSS v3.1: 9.1 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.0141 (80.9th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-35942 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in GNU glibc (the GNU C Library). Its CVSS v3.1 base score is 9.1 (Critical): the vector rates it network-reachable with no privileges or user interaction required, with high impact on confidentiality and availability and no impact on integrity, which matches the information-disclosure and denial-of-service outcomes described below. The network attack vector applies only where an application passes remotely supplied strings to wordexp; exploitability in practice depends on how the calling program uses that function.

Operationally, its EPSS score of 0.0141 places it in the 80.9th percentile, i.e. in the top 19.1% of CVEs by estimated exploit likelihood. It is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

Vulnerability details

The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.

Concretely, the affected code is the positional-parameter branch of parse_param: the digit string N in a ${N} expansion was converted with atoi into a signed int and then bounds-checked only against the process's argc. An overlong digit string saturates inside strtol and, once truncated to int, becomes negative; a negative n passes the "n >= argc" check, so the value is fetched from argv[n] at a negative offset from the argument vector. The upstream fix, released in glibc 2.34, converts with strtoul into an unsigned long and compares unsigned, so an out-of-range parameter number is treated as an unset parameter instead of an index.
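The following C program is an added illustration of the flaw described above and is not glibc's source or anything from this page. It models the numeric branch of parse_param in its pre-fix and post-fix shapes (the function names, the enum and the tiny ${N} extractor are constructed for the demo) and runs both against a constructed argument vector. The vulnerable model reports the out-of-bounds index instead of dereferencing it, so it runs safely; the printed results show why atoi plus a signed bounds check is the bug and why strtoul plus an unsigned compare closes it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* How a positional-parameter lookup ${N} resolves (constructed for the demo). */
enum resolve_result {
    RESOLVE_ARGV,     /* 0 <= n < argc: value is argv[n]                     */
    RESOLVE_UNSET,    /* n >= argc: parameter treated as unset (NULL)         */
    RESOLVE_OOB_READ  /* n < 0: the pre-fix code would index argv[n] anyway   */
};

/* glibc implements atoi as (int) strtol(s, NULL, 10). A digit string above
   LONG_MAX saturates to LONG_MAX; truncating that to int yields -1 on 64-bit
   two's-complement targets (the conversion is implementation-defined, and
   GCC and Clang wrap). */
static int glibc_style_atoi(const char *s)
{
    return (int) strtol(s, NULL, 10);
}

/* Pre-fix shape of the numeric branch (a model, not glibc's code): signed int
   from atoi, bounds check only against argc, so a wrapped negative n passes.
   index_out exposes the computed index so a harness can inspect it. */
enum resolve_result resolve_vulnerable(const char *digits, int argc, char **argv,
                                       const char **value, int *index_out)
{
    int n = glibc_style_atoi(digits);
    *index_out = n;
    if (n >= argc) {
        *value = NULL;
        return RESOLVE_UNSET;
    }
    if (n < 0) {
        /* The real code did value = __libc_argv[n] here: a read at a negative
           offset from argv, hence the crash or memory disclosure. */
        *value = NULL;
        return RESOLVE_OOB_READ;
    }
    *value = argv[n];
    return RESOLVE_ARGV;
}

/* Post-fix shape: unsigned long via strtoul and an unsigned comparison. An
   overlong digit string saturates to ULONG_MAX and is rejected as unset. */
enum resolve_result resolve_fixed(const char *digits, int argc, char **argv,
                                  const char **value)
{
    unsigned long n = strtoul(digits, NULL, 10);
    if (n >= (unsigned long) argc) {
        *value = NULL;
        return RESOLVE_UNSET;
    }
    *value = argv[n];
    return RESOLVE_ARGV;
}

/* Pull the digit run N out of a pattern of the exact form "${N}" (minimal
   constructed parser; returns NULL for any other shape). */
const char *positional_digits(const char *pattern, char *buf, size_t buflen)
{
    if (strncmp(pattern, "${", 2) != 0)
        return NULL;
    const char *p = pattern + 2;
    size_t i = 0;
    while (*p >= '0' && *p <= '9' && i + 1 < buflen)
        buf[i++] = *p++;
    if (i == 0 || *p != '}')
        return NULL;
    buf[i] = '\0';
    return buf;
}

static const char *describe(enum resolve_result r, const char *value)
{
    return r == RESOLVE_OOB_READ ? "OOB read" : r == RESOLVE_UNSET ? "unset" : value;
}

int main(void)
{
    /* Constructed argument vector standing in for the process's __libc_argv. */
    char *av[] = { "prog", "alpha", "beta" };
    int ac = 3;
    const char *patterns[] = { "${1}", "${7}", "${99999999999999999999}" };
    char digits[64];

    for (size_t i = 0; i < sizeof patterns / sizeof patterns[0]; i++) {
        const char *d = positional_digits(patterns[i], digits, sizeof digits);
        const char *v_val, *f_val;
        int idx;
        enum resolve_result v = resolve_vulnerable(d, ac, av, &v_val, &idx);
        enum resolve_result f = resolve_fixed(d, ac, av, &f_val);
        printf("%-26s vulnerable: %-9s (index %d)   fixed: %s\n",
               patterns[i], describe(v, v_val), idx, describe(f, f_val));
    }
    return 0;
}
```

On a 64-bit Linux build the third pattern makes the vulnerable model compute index -1 while the fixed model reports the parameter as unset; the first two patterns resolve identically in both, which is the property a regression test for this fix should pin down.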

CWE(s)

CWE-190: Integer Overflow or Wraparound
Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product                                      Versions
gnu      glibc                                        ≤ 2.31
netapp   active iq unified manager                    all versions
netapp   e-series santricity os controller            11.0 to 11.70.1
netapp   hci management node                          all versions
netapp   ontap select deploy administration utility   all versions
netapp   solidfire                                    all versions
debian   debian linux                                 10.0

Note: the glibc bound listed here (≤ 2.31) is narrower than the "through 2.33" in the vulnerability description; the upstream fix landed in glibc 2.34. Treat any earlier glibc without a backported fix as affected, and confirm the library version actually installed on each host (for example with ldd --version) rather than relying on this table alone.

Mitigating Controls

No mitigating controls have been mapped to this CVE yet (the per-CVE control annotator has not reached it). Until then, two controls follow directly from the description: update glibc to a release containing the fix (upstream 2.34, or a distribution build that backports it) on every affected host, including the NetApp products listed above; and, in application code, never hand attacker-controlled strings to wordexp, since the flaw is triggered by a crafted pattern and the function is not a safe parser for untrusted input.
