Vulnerability CVE-2021-31872: Information
Description
An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
klibc | c9f2 | 2.0.8-alt2.c9f2.1 | 2.0.8-alt2.c9f2.1 | ALT-PU-2022-1761-1 | 298875 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://kernel.org/pub/linux/libs/klibc/2.0/ | |
https://lists.zytor.com/archives/klibc/2021-April/004593.html | |
https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff | |
[oss-security] 20210430 [ANNOUNCE] klibc 2.0.9 | |
[debian-lts-announce] 20210628 [SECURITY] [DLA 2695-1] klibc security update | |