CVE-2021-31873

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-31873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-31873
Downstream
Published
2021-04-30T06:15:07.343Z
Modified
2026-03-15T22:40:47.956222Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.

References

Affected packages

Git / github.com/huolinjue/klibc

Affected ranges

Type
GIT
Repo
https://github.com/huolinjue/klibc
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2e48a12ab1e30d43498c2d53e878a11a1b5102d5
Fixed
a31ae8c508fc8d1bca4f57e9f9f88127572d5202
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.0.9"
        }
    ]
}

Affected versions

klibc-0.*
klibc-0.1
klibc-0.10
klibc-0.100
klibc-0.101
klibc-0.102
klibc-0.103
klibc-0.104
klibc-0.105
klibc-0.106
klibc-0.107
klibc-0.108
klibc-0.109
klibc-0.11
klibc-0.110
klibc-0.111
klibc-0.112
klibc-0.113
klibc-0.114
klibc-0.115
klibc-0.116
klibc-0.117
klibc-0.118
klibc-0.119
klibc-0.12
klibc-0.120
klibc-0.121
klibc-0.122
klibc-0.123
klibc-0.124
klibc-0.125
klibc-0.126
klibc-0.127
klibc-0.128
klibc-0.129
klibc-0.13
klibc-0.130
klibc-0.131
klibc-0.132
klibc-0.133
klibc-0.134
klibc-0.135
klibc-0.136
klibc-0.137
klibc-0.138
klibc-0.139
klibc-0.14
klibc-0.140
klibc-0.141
klibc-0.142
klibc-0.143
klibc-0.144
klibc-0.145
klibc-0.146
klibc-0.147
klibc-0.148
klibc-0.149
klibc-0.15
klibc-0.150
klibc-0.151
klibc-0.152
klibc-0.153
klibc-0.154
klibc-0.155
klibc-0.156
klibc-0.157
klibc-0.158
klibc-0.159
klibc-0.16
klibc-0.160
klibc-0.161
klibc-0.162
klibc-0.163
klibc-0.164
klibc-0.165
klibc-0.166
klibc-0.167
klibc-0.168
klibc-0.169
klibc-0.17
klibc-0.170
klibc-0.171
klibc-0.172
klibc-0.173
klibc-0.174
klibc-0.175
klibc-0.176
klibc-0.177
klibc-0.178
klibc-0.179
klibc-0.18
klibc-0.180
klibc-0.181
klibc-0.182
klibc-0.183
klibc-0.184
klibc-0.185
klibc-0.186
klibc-0.187
klibc-0.188
klibc-0.189
klibc-0.19
klibc-0.190
klibc-0.191
klibc-0.192
klibc-0.193
klibc-0.194
klibc-0.195
klibc-0.196
klibc-0.197
klibc-0.198
klibc-0.199
klibc-0.2
klibc-0.20
klibc-0.200
klibc-0.201
klibc-0.202
klibc-0.203
klibc-0.204
klibc-0.205
klibc-0.206
klibc-0.207
klibc-0.208
klibc-0.209
klibc-0.21
klibc-0.210
klibc-0.211
klibc-0.212
klibc-0.213
klibc-0.214
klibc-0.215
klibc-0.216
klibc-0.217
klibc-0.22
klibc-0.23
klibc-0.24
klibc-0.25
klibc-0.26
klibc-0.27
klibc-0.28
klibc-0.29
klibc-0.3
klibc-0.30
klibc-0.31
klibc-0.32
klibc-0.33
klibc-0.34
klibc-0.35
klibc-0.36
klibc-0.37
klibc-0.38
klibc-0.39
klibc-0.4
klibc-0.40
klibc-0.41
klibc-0.42
klibc-0.43
klibc-0.45
klibc-0.46
klibc-0.47
klibc-0.49
klibc-0.5
klibc-0.50
klibc-0.51
klibc-0.52
klibc-0.53
klibc-0.54
klibc-0.55
klibc-0.56
klibc-0.57
klibc-0.58
klibc-0.59
klibc-0.6
klibc-0.60
klibc-0.61
klibc-0.62
klibc-0.63
klibc-0.64
klibc-0.65
klibc-0.66
klibc-0.67
klibc-0.68
klibc-0.69
klibc-0.7
klibc-0.70
klibc-0.71
klibc-0.72
klibc-0.73
klibc-0.74
klibc-0.75
klibc-0.76
klibc-0.77
klibc-0.78
klibc-0.79
klibc-0.8
klibc-0.80
klibc-0.81
klibc-0.82
klibc-0.83
klibc-0.84
klibc-0.85
klibc-0.86
klibc-0.87
klibc-0.88
klibc-0.89
klibc-0.9
klibc-0.90
klibc-0.91
klibc-0.92
klibc-0.93
klibc-0.94
klibc-0.95
klibc-0.96
klibc-0.97
klibc-0.98
klibc-0.99
klibc-1.*
klibc-1.0
klibc-1.0.1
klibc-1.0.10
klibc-1.0.11
klibc-1.0.12
klibc-1.0.13
klibc-1.0.14
klibc-1.0.2
klibc-1.0.3
klibc-1.0.4
klibc-1.0.5
klibc-1.0.6
klibc-1.0.7
klibc-1.0.8
klibc-1.0.9
klibc-1.1
klibc-1.1.1
klibc-1.1.10
klibc-1.1.11
klibc-1.1.12
klibc-1.1.13
klibc-1.1.14
klibc-1.1.15
klibc-1.1.16
klibc-1.1.2
klibc-1.1.3
klibc-1.1.4
klibc-1.1.5
klibc-1.1.6
klibc-1.1.7
klibc-1.1.8
klibc-1.1.9
klibc-1.2
klibc-1.2.1
klibc-1.2.2
klibc-1.2.3
klibc-1.2.4
klibc-1.2.5
klibc-1.2.6
klibc-1.2.7
klibc-1.2.8
klibc-1.3
klibc-1.3.1
klibc-1.3.10
klibc-1.3.11
klibc-1.3.12
klibc-1.3.13
klibc-1.3.14
klibc-1.3.15
klibc-1.3.16
klibc-1.3.17
klibc-1.3.18
klibc-1.3.19
klibc-1.3.2
klibc-1.3.20
klibc-1.3.21
klibc-1.3.22
klibc-1.3.23
klibc-1.3.24
klibc-1.3.25
klibc-1.3.26
klibc-1.3.27
klibc-1.3.28
klibc-1.3.29
klibc-1.3.3
klibc-1.3.30
klibc-1.3.31
klibc-1.3.32
klibc-1.3.33
klibc-1.3.34
klibc-1.3.35
klibc-1.3.36
klibc-1.3.37
klibc-1.3.38
klibc-1.3.39
klibc-1.3.4
klibc-1.3.40
klibc-1.3.5
klibc-1.3.6
klibc-1.3.7
klibc-1.3.8
klibc-1.3.9
klibc-1.4
klibc-1.4.1
klibc-1.4.10
klibc-1.4.11
klibc-1.4.12
klibc-1.4.13
klibc-1.4.14
klibc-1.4.15
klibc-1.4.16
klibc-1.4.17
klibc-1.4.18
klibc-1.4.19
klibc-1.4.2
klibc-1.4.20
klibc-1.4.21
klibc-1.4.22
klibc-1.4.23
klibc-1.4.24
klibc-1.4.25
klibc-1.4.26
klibc-1.4.27
klibc-1.4.28
klibc-1.4.29
klibc-1.4.3
klibc-1.4.30
klibc-1.4.31
klibc-1.4.32
klibc-1.4.33
klibc-1.4.34
klibc-1.4.35
klibc-1.4.36
klibc-1.4.37
klibc-1.4.38
klibc-1.4.39
klibc-1.4.4
klibc-1.4.5
klibc-1.4.6
klibc-1.4.7
klibc-1.4.8
klibc-1.4.9
klibc-1.5
klibc-1.5.1
klibc-1.5.10
klibc-1.5.11
klibc-1.5.12
klibc-1.5.13
klibc-1.5.14
klibc-1.5.15
klibc-1.5.16
klibc-1.5.17
klibc-1.5.18
klibc-1.5.19
klibc-1.5.2
klibc-1.5.20
klibc-1.5.21
klibc-1.5.22
klibc-1.5.23
klibc-1.5.24
klibc-1.5.25
klibc-1.5.3
klibc-1.5.4
klibc-1.5.5
klibc-1.5.6
klibc-1.5.7
klibc-1.5.8
klibc-1.5.9
klibc-2.*
klibc-2.0
klibc-2.0.1
klibc-2.0.2
klibc-2.0.3
klibc-2.0.4
klibc-2.0.5
klibc-2.0.6
klibc-2.0.7
klibc-2.0.8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31873.json"
vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/huolinjue/klibc/commit/2e48a12ab1e30d43498c2d53e878a11a1b5102d5",
        "id": "CVE-2021-31873-72e70cd3",
        "deprecated": false,
        "target": {
            "file": "usr/utils/cpio.c"
        },
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "308283541531381744514487166056665852727",
                "185068699135860301733489562560209838802",
                "132144626656056469567345719663273201775",
                "47804530823586436168056557717241444302"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/huolinjue/klibc/commit/2e48a12ab1e30d43498c2d53e878a11a1b5102d5",
        "id": "CVE-2021-31873-abb2255b",
        "deprecated": false,
        "target": {
            "function": "copyin_link",
            "file": "usr/utils/cpio.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 697.0,
            "function_hash": "272096419306266800040729748449922772828"
        }
    },
    {
        "signature_type": "Line",
        "source": "https://github.com/huolinjue/klibc/commit/a31ae8c508fc8d1bca4f57e9f9f88127572d5202",
        "id": "CVE-2021-31873-b9ffccc1",
        "deprecated": false,
        "target": {
            "file": "usr/klibc/malloc.c"
        },
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "217924328770968556832553208148882712384",
                "187361156840409739383989126867014420216",
                "283857668055714559123873115374762873854"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "source": "https://github.com/huolinjue/klibc/commit/a31ae8c508fc8d1bca4f57e9f9f88127572d5202",
        "id": "CVE-2021-31873-d7e0cb41",
        "deprecated": false,
        "target": {
            "function": "malloc",
            "file": "usr/klibc/malloc.c"
        },
        "signature_version": "v1",
        "digest": {
            "length": 1034.0,
            "function_hash": "174256505860084667354504871651983070251"
        }
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]