Vulnerability Details CVE-2021-3420
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2021-3420
- cpe:2.3:a:newlib_project:newlib:-
- cpe:2.3:a:newlib_project:newlib:1.10.0
- cpe:2.3:a:newlib_project:newlib:1.11.0
- cpe:2.3:a:newlib_project:newlib:1.12.0
- cpe:2.3:a:newlib_project:newlib:1.13.0
- cpe:2.3:a:newlib_project:newlib:1.14.0
- cpe:2.3:a:newlib_project:newlib:1.15.0
- cpe:2.3:a:newlib_project:newlib:1.16.0
- cpe:2.3:a:newlib_project:newlib:1.17.0
- cpe:2.3:a:newlib_project:newlib:1.18.0
- cpe:2.3:a:newlib_project:newlib:1.19.0
- cpe:2.3:a:newlib_project:newlib:1.20.0
- cpe:2.3:a:newlib_project:newlib:1.9.0
- cpe:2.3:a:newlib_project:newlib:2.0.0
- cpe:2.3:a:newlib_project:newlib:2.1.0
- cpe:2.3:a:newlib_project:newlib:2.2.0
- cpe:2.3:a:newlib_project:newlib:2.3.0
- cpe:2.3:a:newlib_project:newlib:2.4.0
- cpe:2.3:a:newlib_project:newlib:2.5.0
- cpe:2.3:a:newlib_project:newlib:3.0.0
- cpe:2.3:a:newlib_project:newlib:3.1.0
- cpe:2.3:a:newlib_project:newlib:3.2.0
- cpe:2.3:a:newlib_project:newlib:3.3.0
- cpe:2.3:o:fedoraproject:fedora:32
- cpe:2.3:o:fedoraproject:fedora:33
- cpe:2.3:o:fedoraproject:fedora:34