
Test ID: 1.3.6.1.4.1.25623.1.0.892695
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for klibc (DLA-2695-1)
Summary: The remote host is missing an update for the 'klibc' package(s) announced via the DLA-2695-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in klibc. Depending on
how klibc is used, these could lead to the execution of arbitrary
code, privilege escalation, or denial of service.

Thanks to Microsoft Vulnerability Research for reporting the heap bugs
and going some of the way to identifying the cpio bugs.

CVE-2021-31870

Multiplication in the calloc() function may result in an integer
overflow and a subsequent heap buffer overflow.

CVE-2021-31871

An integer overflow in the cpio command may result in a NULL
pointer dereference.

CVE-2021-31872

Multiple possible integer overflows in the cpio command on 32-bit
systems may result in a buffer overflow or other security impact.

CVE-2021-31873

Additions in the malloc() function may result in an integer overflow
and a subsequent heap buffer overflow.

Affected Software/OS:
'klibc' package(s) on Debian Linux.

Solution:
For Debian 9 stretch, these problems have been fixed in version
2.0.4-9+deb9u1.

We recommend that you upgrade your klibc packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2021-31870
Common Vulnerability Exposure (CVE) ID: CVE-2021-31871
Common Vulnerability Exposure (CVE) ID: CVE-2021-31872
Common Vulnerability Exposure (CVE) ID: CVE-2021-31873

Copyright: Copyright (C) 2021 Greenbone Networks GmbH

© 1998-2021 E-Soft Inc. All rights reserved.