ConfD User Community

Does ConfD daemon use the wordexp() libc function?

We are interested in knowing if there is anything in the ConfD daemon that is susceptible to the vulnerability described in CVE-2021-35942. Specifically, does the ConfD daemon code ever call the wordexp() C library function call? Thank you.

The ConfD source code does not contain call to this function. I believe it says something, but you should not take that as a guarantee that ConfD never invokes the function indirectly.

1 Like