CVE-2021-31873Integer Overflow or Wraparound in Project Klibc

CWE-190Integer Overflow or Wraparound6 documents6 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Klibc Project KlibcDebian Linux
Timeline
PublishedApr 30
Latest updateMay 24

Description

An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDklibc_project/klibc< 2.0.9
Debianklibc_project/klibc< 2.0.8-6+3

Also affects: Debian Linux 9.0

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

3
GHSA
GHSA-gghj-9rfx-j4r7: An issue was discovered in klibc before 22022-05-24
OSV
CVE-2021-31873: An issue was discovered in klibc before 22021-04-30
CVEList
CVE-2021-31873: An issue was discovered in klibc before 22021-04-30

📋Vendor Advisories

2
Ubuntu
klibc vulnerabilities2022-04-18
Debian
CVE-2021-31873: klibc - An issue was discovered in klibc before 2.0.9. Additions in the malloc() functio...2021
CVE-2021-31873 — Integer Overflow or Wraparound | cvebase