CVE-2021-31870 — Integer Overflow or Wraparound in Project Klibc

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

9.8CRITICALNVD

EPSS

1.3%

top 20.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Klibc Project Klibc Debian Linux

Timeline

PublishedApr 30

Latest updateMay 24

Description

An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDklibc_project/klibc< 2.0.9

▶Debianklibc_project/klibc< 2.0.8-6+3

▶Ubuntuklibc_project/klibc< 2.0.4-9ubuntu2.1+3

Also affects: Debian Linux 9.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-q5g5-fc84-93h4: An issue was discovered in klibc before 2↗2022-05-24

▶

OSV

klibc vulnerabilities↗2022-04-18

▶

OSV

CVE-2021-31870: An issue was discovered in klibc before 2↗2021-04-30

▶

CVEList

CVE-2021-31870: An issue was discovered in klibc before 2↗2021-04-30

▶

📋Vendor Advisories

Ubuntu

klibc vulnerabilities↗2022-04-18

▶

Debian

CVE-2021-31870: klibc - An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() fu...↗2021

▶