CVE-2021-27419 — Integer Overflow or Wraparound in Uclibc-ng

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

9.8CRITICALNVD

EPSS

2.6%

top 14.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uclibc-ng Uclibc Uclibc-ng Project Uclibc-ng +1 more

Timeline

PublishedMay 3

Latest updateMay 4

Description

uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/uclibc< uclibc 1.0.54-1 (forky)

▶CVEListV5uclibc-ng/uclibc-ngunspecified — 1.0.37

▶NVDuclibc-ng_project/uclibc-ng< 1.0.37

▶Debianuclibc/uclibc< 1.0.54-1

🔴Vulnerability Details

GHSA

GHSA-499x-cvfw-94w6: uClibc-ng versions prior to 1↗2022-05-04

▶

OSV

CVE-2021-27419: uClibc-ng versions prior to 1↗2022-05-03

▶

📋Vendor Advisories

CISA ICS

Multiple RTOS (Update E)↗2021-11-30

▶

Debian

CVE-2021-27419: uclibc - uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in func...↗2021

▶