CVE-2021-42341
- Source
- https://cve.org/CVERecord?id=CVE-2021-42341
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42341.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-42341
- Downstream
- Published
- 2021-10-14T05:15:07.787Z
- Modified
- 2026-04-11T18:45:36.934628Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.
- References
-
- https://bugs.gentoo.org/816900
- https://github.com/OpenRC/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae
- https://github.com/OpenRC/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204
- https://github.com/OpenRC/openrc/issues/418
- https://github.com/OpenRC/openrc/issues/459
- https://github.com/OpenRC/openrc/pull/462
Affected packages
Git / github.com/openrc/openrc
Affected versions
0.*
0.14
0.15
0.16
0.17
0.18
0.19
0.20
0.21
0.22
0.23
0.24
0.25
0.26
0.27
0.28
0.29
0.30
0.31
0.32
0.33
0.34
0.35
0.36
0.37
0.38
0.39
0.40
0.41
0.42
0.43
0.44
0.44.1
0.44.2
0.44.3
0.44.4
0.44.5
0.44.6
funtoo-openrc-0.*
funtoo-openrc-0.10
openrc-0.*
openrc-0.1
openrc-0.10
openrc-0.11
openrc-0.12
openrc-0.13
openrc-0.2
openrc-0.2.1
openrc-0.2.2
openrc-0.2.3
openrc-0.2.4
openrc-0.2.5
openrc-0.3.0
openrc-0.4.1
openrc-0.4.2
openrc-0.4.3
openrc-0.5.1
openrc-0.5.2
openrc-0.5.3
openrc-0.6.0
openrc-0.6.1
openrc-0.6.2
openrc-0.6.3
openrc-0.6.4
openrc-0.6.5
openrc-0.6.6
openrc-0.6.7
openrc-0.6.8
openrc-0.7.0
openrc-0.8.0
openrc-0.8.1
openrc-0.8.2
openrc-0.8.3
openrc-0.9.0
openrc-0.9.2
openrc-0.9.3
openrc-0.9.4
openrc-0.9.5
openrc-0.9.6
openrc-0.9.7
openrc-0.9.8
openrc-0.9.8.1
openrc-0.9.9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-42341.json"
vanir_signatures_modified
"2026-04-11T18:45:36Z"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openrc/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204",
"digest": {
"threshold": 0.9,
"line_hashes": [
"207679416206326861038642815747665608070",
"306811907150965935071199721586451901054",
"248606507048680140938313775952029393638",
"32882432418019817314654663469612702326"
]
},
"id": "CVE-2021-42341-4bd5508a",
"deprecated": false,
"target": {
"file": "src/rc/checkpath.c"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/openrc/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae",
"digest": {
"threshold": 0.9,
"line_hashes": [
"45057512560065433203384835656393182996",
"203195856256754260875214493873999561561",
"180073597658392079713689905354966276894",
"61341373325503063106368747768837312032",
"8541824265712935841359065203911070283",
"5793846777462089443266027614163972899",
"16448722649974046682378375240976205483",
"15245629152732676392184877446644895749",
"260306301820211992372726519336481115318",
"131923064533998638388817993741821923757",
"178576601073051544819759240433395045013",
"260888722047746666487514733750536182357",
"268656059247349874073266928249638713721",
"134142116609933514116837226408076646027",
"143886639434633822553547662491661285241",
"274566218699362171606134349699654484465",
"61201551075889825972854987358443282760",
"70528938680108357449356890817907164175",
"236068047111414426674650716020170007704",
"7564714837949738247637194820652667243",
"231494718903656406396743929245647863203",
"20885336192955867217990311440218979211",
"118675555220676572100048326970366300759",
"135470900035884913073991822739382831887",
"102254948405254144808689212673586852396",
"305325335611317341936889035693236300237",
"253280716470911579951221887059716900460",
"127489358081139359432628350313215993195",
"45175478354120890939981633198658265447",
"182329471395905723311182326836356304383",
"199762465766809131589544349179197100198",
"224798346174053818807420658189791392487",
"218161424380041216086684924084290394398",
"250644211414518598850466377990168421647",
"239266466125563874929105533905485625636",
"274826657537095971866335891709620252868",
"111806724767392942611785665456033653503",
"168371052946930203792729322163429576679"
]
},
"id": "CVE-2021-42341-875384d4",
"deprecated": false,
"target": {
"file": "src/rc/checkpath.c"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/openrc/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae",
"digest": {
"function_hash": "231158222591236663606464182066127475142",
"length": 1550.0
},
"id": "CVE-2021-42341-8c692ce4",
"deprecated": false,
"target": {
"file": "src/rc/checkpath.c",
"function": "main"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/openrc/openrc/commit/bb8334104baf4d5a4a442a8647fb9204738f2204",
"digest": {
"function_hash": "92566106471082546406511347603524503662",
"length": 427.0
},
"id": "CVE-2021-42341-d062cbcd",
"deprecated": false,
"target": {
"file": "src/rc/checkpath.c",
"function": "clean_path"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/openrc/openrc/commit/63db2d99e730547339d1bdd28e8437999c380cae",
"digest": {
"function_hash": "202064691133594493893387517198332028127",
"length": 1611.0
},
"id": "CVE-2021-42341-e80c09b5",
"deprecated": false,
"target": {
"file": "src/rc/checkpath.c",
"function": "get_dirfd"
}
}
]