A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
References
Configurations
History
21 Nov 2024, 06:21
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=1934088 - Broken Link, Issue Tracking, Patch, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMK54N6UOPBFFX2YT32TWSAEFTHGSKAA/ - | |
References | () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQZEUANAWBBAOC4TF5PTPJVLMUR7SFD/ - |
Information
Published : 2021-03-05 21:15
Updated : 2024-11-21 06:21
NVD link : CVE-2021-3420
Mitre link : CVE-2021-3420
CVE.ORG link : CVE-2021-3420
JSON object : View
Products Affected
newlib_project
- newlib
fedoraproject
- fedora
CWE
CWE-190
Integer Overflow or Wraparound