CVE-2021-3420 - log

CVE-2021-3420 edited at 02 Mar 2021 18:03:54
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Arbitrary code execution
Description
+ A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1934088
+ https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
Notes
CVE-2021-3420 created at 02 Mar 2021 18:02:53