CVE-2021-27419
Published: 2022-05-03
Priority: P356 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.53% (71.6th percentile)
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | uclibc | < uclibc 1.0.54-1 (forky) | uclibc 1.0.54-1 (forky) |
| uclibc-ng | uclibc-ng | >= unspecified < 1.0.37 | 1.0.37 |
| uclibc-ng_project | uclibc-ng | < 1.0.37 | 1.0.37 |
| uclibc | uclibc | >= 0 < 1.0.54-1 | 1.0.54-1 |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |
| vendor_debian | | 7.3 | LOW | |
CISA ICS
Multiple RTOS (Update E)
cisa_ics · 2021-11-30
Archived Content: In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: April 19, 2022
Alert Code: ICSA-21-119-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Multiple
- Equipment: Multiple
- Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and oth
Debian
CVE-2021-27419 [HIGH]: uclibc - uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in func...
vendor_debian · 2021 · CVSS 7.3
Scope: local
- bookworm: open
- bullseye: open
- forky: resolved (fixed in 1.0.54-1)
- sid: resolved (fixed in 1.0.54-1)
- trixie: open
GHSA
GHSA-499x-cvfw-94w6 [CRITICAL] CWE-190: uClibc-ng versions prior to 1
ghsa_unreviewed · 2022-05-04
OSV
CVE-2021-27419 [CRITICAL]: uClibc-ng versions prior to 1
osv · 2022-05-03 · CVSS 9.8
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-05-03