CVE-2021-31871Integer Overflow or Wraparound in Project Klibc

CWE-190Integer Overflow or Wraparound7 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.6%
top 18.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Klibc Project KlibcDebian Linux
Timeline
PublishedApr 30
Latest updateMay 24

Description

An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDklibc_project/klibc< 2.0.9
Debianklibc_project/klibc< 2.0.8-6+3

Also affects: Debian Linux 9.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

4
GHSA
GHSA-xhrj-7pjg-g5cf: An issue was discovered in klibc before 22022-05-24
OSV
klibc vulnerabilities2022-04-18
OSV
CVE-2021-31871: An issue was discovered in klibc before 22021-04-30
CVEList
CVE-2021-31871: An issue was discovered in klibc before 22021-04-30

📋Vendor Advisories

2
Ubuntu
klibc vulnerabilities2022-04-18
Debian
CVE-2021-31871: klibc - An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio c...2021
CVE-2021-31871 — Integer Overflow or Wraparound | cvebase