CVE-2021-3420
N/A
N/A
Summary
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | newlib | newlib versions prior to 4.0.0 | affected |
Weaknesses
- CWE-190: CWE-190->CWE-120
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1934088
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQZEUANAWBBAOC4TF5PTPJVLMUR7SFD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMK54N6UOPBFFX2YT32TWSAEFTHGSKAA/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1934088
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSQZEUANAWBBAOC4TF5PTPJVLMUR7SFD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AMK54N6UOPBFFX2YT32TWSAEFTHGSKAA/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.