#1010748 uclibc: CVE-2021-27419 - integer overflow in both malloc and memalign implementations

Package: src:uclibc
Source: uclibc
Submitter: Neil Williams
Date: 2022-05-09 08:18:03 UTC
Severity: important
Tags:

#1010748#5
Date: 2022-05-09 08:14:58 UTC
From:
To:

Hi,

The following vulnerability was published for uclibc.

CVE-2021-27419[0]:
| uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-
| around in functions malloc-simple. This improper memory assignment can
| lead to arbitrary memory allocation, resulting in unexpected behavior
| such as a crash or a remote code injection/execution.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-27419
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27419

Please adjust the affected versions in the BTS as needed.
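
The class of bug the CVE text describes, as an added C illustration that is not part of this bug report and is not uClibc-ng's code. It assumes a simple allocator that prepends a `size_t` length header to each block and pads memalign-style requests by `alignment - 1`; all function names here are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed layout (constructed): a size_t header precedes every block. */
#define HDR sizeof(size_t)

/* Unchecked form: for size > SIZE_MAX - HDR the sum wraps to a tiny value,
 * so the backing region is far smaller than the caller believes. */
static size_t backing_size_unchecked(size_t size)
{
    return size + HDR;
}

/* Checked form: capping at PTRDIFF_MAX also rules out wrap of size + HDR.
 * Returns 0 on success, -1 with errno set on rejection. */
static int backing_size_checked(size_t size, size_t *out)
{
    if (size == 0)
        size = 1;
    if (size > (size_t)PTRDIFF_MAX) { errno = ENOMEM; return -1; }
    *out = size + HDR;
    return 0;
}

/* memalign-style request: header plus worst-case alignment padding. */
static int aligned_backing_size_checked(size_t alignment, size_t size, size_t *out)
{
    size_t base;
    if (alignment == 0 || (alignment & (alignment - 1)) != 0) { errno = EINVAL; return -1; }
    if (backing_size_checked(size, &base) != 0)
        return -1;
    if (base > (size_t)PTRDIFF_MAX || alignment - 1 > (size_t)PTRDIFF_MAX - base) {
        errno = ENOMEM;
        return -1;
    }
    *out = base + (alignment - 1);
    return 0;
}

/* Hardened wrapper over the host malloc that records the backing size. */
static void *checked_alloc(size_t size)
{
    size_t total;
    if (backing_size_checked(size, &total) != 0)
        return NULL;
    size_t *p = malloc(total);
    if (p == NULL)
        return NULL;
    *p = total;
    return p + 1;
}
```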