CVE-2021-35942

9.1 CRITICAL

📋 TL;DR

This vulnerability in glibc's wordexp function allows attackers to cause denial of service or potentially read arbitrary memory when processing malicious input. It affects any application using glibc's wordexp function with untrusted input. Systems running vulnerable glibc versions are at risk.

💻 Affected Systems

Products:
  • GNU C Library (glibc)
Versions: All versions through 2.33
Operating Systems: Linux distributions using glibc, Other Unix-like systems with glibc
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that call wordexp() with untrusted input. Many applications don't use this function.

📦 What is this software?

glibc, by the GNU Project

The GNU C Library (glibc) is the core C library for Linux systems, providing essential system calls and basic functions for all C programs. It is a fundamental component that nearly every Linux application depends on.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution or sensitive memory disclosure leading to complete system compromise
🟠 Likely Case: Application crash causing denial of service, potentially with some memory disclosure
🟢 If Mitigated: No impact if applications don't use wordexp with untrusted input or if proper input validation is implemented

🌐 Internet-Facing: MEDIUM - Exploitable if applications expose wordexp functionality to untrusted users
🏢 Internal Only: LOW - Requires specific application usage patterns and untrusted input

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept demonstrates crash/DoS. Memory disclosure requires more sophisticated exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: glibc 2.34 and later

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=28011

Restart Required: Yes

Instructions:

1. Update the glibc package using your distribution's package manager.
2. Debian/Ubuntu: sudo apt update && sudo apt upgrade libc6
3. RHEL/CentOS: sudo yum update glibc
4. Restart affected services or reboot the system.

🔧 Temporary Workarounds

Input validation (applies to: all platforms)

Validate and sanitize all input before passing it to the wordexp function.

Application hardening (applies to: linux)

Use seccomp or other sandboxing to restrict wordexp usage.
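The input-validation workaround above, as an added example that is not part of the original page or of glibc: untrusted strings are checked against a conservative allow-list before wordexp() sees them, and command substitution is disabled as a second layer. The allow-list and the 1024-byte cap are assumptions chosen for a caller that only needs filename globbing and tilde expansion.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#include <wordexp.h>

/* Returns 1 if every byte of s is on the allow-list, else 0.
 * '$', '`', quotes, backslash, braces and parentheses are all rejected, so
 * parameter expansion, command substitution and quoting never reach glibc.
 * The 1024-byte cap is an arbitrary, assumed limit for this caller. */
int is_safe_wordexp_input(const char *s)
{
    if (s == NULL || *s == '\0' || strlen(s) > 1024)
        return 0;
    for (; *s != '\0'; s++) {
        unsigned char c = (unsigned char)*s;
        if (isalnum(c) || strchr("/._-~*? ", c) != NULL)
            continue;
        return 0;   /* any other byte: refuse to expand */
    }
    return 1;
}

/* Expands s into *we only if it passes the allow-list. Returns the number of
 * resulting words, or -1 if the input was rejected or wordexp() failed.
 * The caller must wordfree(we) when the return value is >= 0. */
int expand_untrusted(const char *s, wordexp_t *we)
{
    if (!is_safe_wordexp_input(s))
        return -1;
    /* WRDE_NOCMD keeps command substitution off even if the allow-list is
     * ever relaxed; it does not replace the allow-list check. */
    if (wordexp(s, we, WRDE_NOCMD) != 0)
        return -1;
    return (int)we->we_wordc;
}

/* Convenience wrapper: expand, count the words, release the result. */
int count_expanded_words(const char *s)
{
    wordexp_t we;
    int n = expand_untrusted(s, &we);
    if (n >= 0)
        wordfree(&we);
    return n;
}
```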

🧯 If You Can't Patch

  • Audit applications for wordexp usage and restrict untrusted input
  • Implement network segmentation and limit exposure of vulnerable applications

🔍 How to Verify

Check Version:

ldd --version | head -1

Check if Vulnerable: the reported glibc version is 2.33 or earlier.

Verify Fix Applied: the reported glibc version is 2.34 or later. Distributions may backport the fix to an older version number, so check the package changelog when the version alone is ambiguous.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unexpected memory access patterns

Network Indicators:

  • Unusual patterns of input to applications using wordexp

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "wordexp" OR "glibc crash")
