CVE-2021-31871
published 2021-04-30CVE-2021-31871: An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
PriorityP336high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.86%
76.6th percentile
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | klibc | < klibc 2.0.8-6 (bookworm) | klibc 2.0.8-6 (bookworm) |
| klibc_project | klibc | < 2.0.9 | 2.0.9 |
| klibc_project | klibc | >= 0 < 2.0.8-6 | 2.0.8-6 |
| klibc_project | klibc | >= 0 < 2.0.8-6 | 2.0.8-6 |
| klibc_project | klibc | >= 0 < 2.0.8-6 | 2.0.8-6 |
| klibc_project | klibc | >= 0 < 2.0.8-6 | 2.0.8-6 |
| klibc_project | klibc | >= 0 < 2.0.4-9ubuntu2.1 | 2.0.4-9ubuntu2.1 |
| klibc_project | klibc | >= 0 < 2.0.7-1ubuntu5.1 | 2.0.7-1ubuntu5.1 |
| klibc_project | klibc | >= 0 < 2.0.3-0ubuntu1.14.04.3+esm2 | 2.0.3-0ubuntu1.14.04.3+esm2 |
| klibc_project | klibc | >= 0 < 2.0.4-8ubuntu1.16.04.4+esm1 | 2.0.4-8ubuntu1.16.04.4+esm1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xhrj-7pjg-g5cf: An issue was discovered in klibc before 2
ghsa_unreviewed·2022-05-24
CVE-2021-31871 [HIGH] CWE-190 GHSA-xhrj-7pjg-g5cf: An issue was discovered in klibc before 2
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
OSV
klibc vulnerabilities
osv·2022-04-18·CVSS 9.8
CVE-2021-31870 [CRITICAL] klibc vulnerabilities
klibc vulnerabilities
It was discovered that klibc did not properly perform
some mathematical operations, leading to an integer overflow.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-31870)
It was discovered that klibc did not properly handled some
memory allocations on 64 bit systems. An attacker could
possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2021-31871)
It was discovered that klibc did not properly handled some file
sizes values on 32 bit systems. An attacker could possibly use
this issue to cause a crash, resulting in a denial of service,
or possibly execute arbitrary code. (CVE-2021-31872)
It was discovered that k
OSV
CVE-2021-31871: An issue was discovered in klibc before 2
osv·2021-04-30·CVSS 7.5
CVE-2021-31871 [HIGH] CVE-2021-31871: An issue was discovered in klibc before 2
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
Ubuntu
klibc vulnerabilities
vendor_ubuntu·2022-04-18·CVSS 9.8
CVE-2021-31870 [CRITICAL] klibc vulnerabilities
Title: klibc vulnerabilities
Summary: Several security issues were fixed in klibc.
It was discovered that klibc did not properly perform
some mathematical operations, leading to an integer overflow.
An attacker could possibly use this issue to cause a crash,
resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-31870)
It was discovered that klibc did not properly handled some
memory allocations on 64 bit systems. An attacker could
possibly use this issue to cause a crash, resulting in a
denial of service, or possibly execute arbitrary code.
(CVE-2021-31871)
It was discovered that klibc did not properly handled some file
sizes values on 32 bit systems. An attacker could possibly use
this issue to cause a crash, resulting in a denial of service,
or possibly exec
Debian
CVE-2021-31871: klibc - An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio c...
vendor_debian·2021·CVSS 7.5
CVE-2021-31871 [HIGH] CVE-2021-31871: klibc - An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio c...
An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.
Scope: local
bookworm: resolved (fixed in 2.0.8-6)
bullseye: resolved (fixed in 2.0.8-6)
forky: resolved (fixed in 2.0.8-6)
sid: resolved (fixed in 2.0.8-6)
trixie: resolved (fixed in 2.0.8-6)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2021/04/30/1https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5https://kernel.org/pub/linux/libs/klibc/2.0/https://lists.debian.org/debian-lts-announce/2021/06/msg00025.htmlhttps://lists.zytor.com/archives/klibc/2021-April/004593.htmlhttp://www.openwall.com/lists/oss-security/2021/04/30/1https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5https://kernel.org/pub/linux/libs/klibc/2.0/https://lists.debian.org/debian-lts-announce/2021/06/msg00025.htmlhttps://lists.zytor.com/archives/klibc/2021-April/004593.html
2021-04-30
Published