CVE-2021-31871

high

Description

An issue was discovered in klibc before 2.0.9. An integer overflow in the cpio command may result in a NULL pointer dereference on 64-bit systems.

References

Advisories

https://lists.zytor.com/archives/klibc/2021-April/004593.html

https://lists.debian.org/debian-lts-announce/2021/06/msg00025.html

https://kernel.org/pub/linux/libs/klibc/2.0/

https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5

http://www.openwall.com/lists/oss-security/2021/04/30/1

Details

Source: Mitre, NVD

Published: 2021-04-30

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.0028