In the Linux kernel, the following vulnerability has been resolved:
tools/nolibc/stdlib: fix memory error in realloc()
Pass userplen to memcpy() instead of heap->len to prevent realloc() from copying an extra sizeof(heap) bytes from beyond the allocated region.