Arbitrary Code Execution

2021-05-0607:37:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.006 Low

EPSS

Percentile

78.7%

JSON

newlib is vulnerable to arbitrary code execution. An integer overflow in mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc leads to a heap-based buffer overflow and allows an attacker to execute arbitrary code on the host OS.

CPENameOperatorVersion
newlibeq3.0.0.20180831-r1
newlibeq3.3.0-r2
newlibeq3.0.0.20180831-r1
newlibeq3.3.0-r2

Name	Operator	Version
newlib	eq	3.0.0.20180831-r1
newlib	eq	3.3.0-r2
newlib	eq	3.0.0.20180831-r1
newlib	eq	3.3.0-r2

References

bugzilla.redhat.com/show_bug.cgi?id=1934088

lists.fedoraproject.org/archives/list/[email protected]/message/AEBF6YHWFNCBW5A2ENSQ3Z56ELF4MTRE/

lists.fedoraproject.org/archives/list/[email protected]/message/AMK54N6UOPBFFX2YT32TWSAEFTHGSKAA/

lists.fedoraproject.org/archives/list/[email protected]/message/LSQZEUANAWBBAOC4TF5PTPJVLMUR7SFD/

secdb.alpinelinux.org/edge/community.yaml

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for VERACODE:30362