Vulnerability CVE-2021-31870: Information
Description
An issue was discovered in klibc before 2.0.9. Multiplication in the calloc() function may result in an integer overflow and a subsequent heap buffer overflow.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
klibc | sisyphus | 2.0.9-alt1 | 2.0.13-alt1 | ALT-PU-2021-1803-1 | 271846 | Fixed |
klibc | sisyphus_riscv64 | 2.0.9-alt1 | 2.0.13-alt1 | ALT-PU-2022-3464-1 | - | Fixed |
klibc | p10 | 2.0.9-alt1 | 2.0.9-alt1 | ALT-PU-2021-1803-1 | 271846 | Fixed |
klibc | c10f1 | 2.0.9-alt1 | 2.0.9-alt1 | ALT-PU-2021-1803-1 | 271846 | Fixed |
klibc | c9f2 | 2.0.8-alt2.c9f2.1 | 2.0.8-alt2.c9f2.1 | ALT-PU-2022-1761-1 | 298875 | Fixed |
klibc | p11 | 2.0.9-alt1 | 2.0.13-alt1 | ALT-PU-2021-1803-1 | 271846 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://kernel.org/pub/linux/libs/klibc/2.0/ | |
https://lists.zytor.com/archives/klibc/2021-April/004593.html | |
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2 | |
[oss-security] 20210430 [ANNOUNCE] klibc 2.0.9 | |
[debian-lts-announce] 20210628 [SECURITY] [DLA 2695-1] klibc security update | |