We are interested in knowing if there is anything in the ConfD daemon that is susceptible to the vulnerability described in CVE-2021-35942. Specifically, does the ConfD daemon code ever call the wordexp() C library function call? Thank you.
The ConfD source code does not contain call to this function. I believe it says something, but you should not take that as a guarantee that ConfD never invokes the function indirectly.
1 Like