5 matches found
CVE-2021-31873
CVE-2021-31873 affects klibc prior to 2.0.9. Additions in malloc() may cause an integer overflow and a subsequent heap buffer overflow, per multiple sources. Reported impacts include crashes and potential for denial of service, with some advisories noting possible arbitrary code execution in affe...
CVE-2021-31870
CVE-2021-31870 concerns klibc before version 2.0.9, where the multiplication in calloc() can overflow an integer and cause a heap buffer overflow. Multiple connected advisories and reports broaden the impact to include related issues in the same klibc package (e.g., 64-bit allocation/memory handling...
CVE-2021-31872
CVE-2021-31872 affects klibc prior to version 2.0.9, where multiple integer overflows in the cpio command on 32-bit systems may cause a buffer overflow or other security impact. The issue is documented across multiple advisories (Astra Linux, Debian DLA-2695-1, Ubuntu USN-5379-1, Alpine security ...
CVE-2021-31871
CVE-2021-31871 affects klibc prior to 2.0.9. The issue is an integer overflow in the cpio command that may cause a NULL pointer dereference on 64-bit systems, potentially enabling a crash or arbitrary code execution depending on context. Connected advisories confirm this vulnerability across mult...
CVE-2011-1930
CVE-2011-1930 affects klibc 1.5.20 and 1.5.21; DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped, enabling a remote attacker to craft a DHCP reply that could execute arbitrary code with the privileges of the process sourcing DHCP options. Multiple advisories (RH, ...