Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-3420

Опубликовано: 05 мар. 2021
Источник: debian

Описание

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
newlibfixed4.4.0.20231231-1experimentalpackage
newlibfixed4.4.0.20231231-2package
newlibfixed3.3.0-1.3+deb12u1bookwormpackage
newlibignoredbullseyepackage
newlibno-dsabusterpackage
newlibno-dsastretchpackage
picolibcfixed1.5-1package
libnewlib-nanoremovedpackage
libnewlib-nanono-dsabusterpackage

Примечания

  • Fix in picolibc: https://keithp.com/cgit/picolibc.git/commit/newlib/libc/stdlib/mallocr.c?id=aa106b29a6a8a1b0df9e334704292cbc32f2d44e

  • https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e

Связанные уязвимости

ubuntu логотип

CVE-2021-3420

CVSS3: 9.8
ubuntu
почти 5 лет назад

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

nvd логотип

CVE-2021-3420

CVSS3: 9.8
nvd
почти 5 лет назад

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

github логотип

GHSA-wp32-4vw5-mw9c

github
больше 3 лет назад

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

fstec логотип

BDU:2021-04947

CVSS3: 9.8
fstec
почти 5 лет назад

Уязвимость библиотеки newlib, вызванная целочисленным переполнением, позволяющая нарушителю вызвать переполнение буфера