{"id":"CVE-2021-3998","details":"A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.","modified":"2026-04-12T01:58:35.990116Z","published":"2022-08-24T16:15:09.010Z","related":["openSUSE-SU-2024:11850-1"],"references":[{"type":"WEB","url":"https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=84d2d0fe20bdf94feed82b21b4d7d136db471f03"},{"type":"WEB","url":"https://sourceware.org/git/gitweb.cgi?p=glibc.git%3Bh=ee8d5e33adb284601c00c94687bc907e10aec9bb"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-3998"},{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2021-3998"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20221020-0003/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024633"},{"type":"FIX","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=28770"},{"type":"FIX","url":"https://www.openwall.com/lists/oss-security/2022/01/24/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://sourceware.org/git/glibc.git","events":[{"introduced":"9826b03b747b841f5fc6de2054bf1ef3f5c4bdf3"},{"fixed":"f94f6d8a3572840d3ba42ab9ace3ea522c99c0c2"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.33"},{"fixed":"2.35"}]}}],"versions":["glibc-2.33","glibc-2.33.9000","glibc-2.34","glibc-2.34.9000"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3998.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}