CVE-2021-27419

Name: CVE-2021-27419
Description: uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high
Debian Bugs: 1010748

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
uclibc (PTS) | stretch | 1.0.20-2 | vulnerable
uclibc (PTS) | buster | 1.0.31-1 | vulnerable
uclibc (PTS) | bookworm, sid, bullseye | 1.0.35-1 | vulnerable

The information below is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
uclibc | source | (unstable) | (unfixed) | unimportant | | 1010748

Notes

https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04
https://github.com/wbx-github/uclibc-ng/commit/015d5b8c1a75b551f7f0215543fac01d55abfc0f (v1.0.37)
