CVE-2021-31872 — Integer Overflow or Wraparound in Project Klibc

CWE-190 — Integer Overflow or Wraparound7 documents6 sources

Severity

9.8CRITICALNVD

EPSS

1.2%

top 21.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Klibc Project Klibc Debian Linux

Timeline

PublishedApr 30

Latest updateMay 24

Description

An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDklibc_project/klibc< 2.0.9

▶Debianklibc_project/klibc< 2.0.8-6+3

Also affects: Debian Linux 9.0

Patches

Patch: git.kernel.org ↗Patch: git.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-4q4g-ccqq-vfqg: An issue was discovered in klibc before 2↗2022-05-24

▶

OSV

klibc vulnerabilities↗2022-04-18

▶

CVEList

CVE-2021-31872: An issue was discovered in klibc before 2↗2021-04-30

▶

OSV

CVE-2021-31872: An issue was discovered in klibc before 2↗2021-04-30

▶

📋Vendor Advisories

Ubuntu

klibc vulnerabilities↗2022-04-18

▶

Debian

CVE-2021-31872: klibc - An issue was discovered in klibc before 2.0.9. Multiple possible integer overflo...↗2021

▶