ALPINE-CVE-2021-42341

Source
https://security.alpinelinux.org/vuln/CVE-2021-42341
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2021-42341
Upstream
Published
2021-10-14T05:15:07.787Z
Modified
2026-06-15T18:18:08.839524603Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.

References

Affected packages

Alpine:v3.14
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.43.3-r2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.15
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.16
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.17
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.18
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.19
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.20
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.21
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.22
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.23
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"
Alpine:v3.24
openrc

Package

Name
openrc
Purl
pkg:apk/alpine/openrc?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.44.6-r1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2021-42341.json"