{"id":"CVE-2021-31873","details":"An issue was discovered in klibc before 2.0.9. Additions in the malloc() function may result in an integer overflow and a subsequent heap buffer overflow.","modified":"2026-04-11T17:12:31.475161Z","published":"2021-04-30T06:15:07.343Z","references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00025.html"},{"type":"ADVISORY","url":"https://lists.zytor.com/archives/klibc/2021-April/004593.html"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/04/30/1"},{"type":"ADVISORY","url":"https://kernel.org/pub/linux/libs/klibc/2.0/"},{"type":"FIX","url":"https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202"},{"type":"FIX","url":"https://github.com/huolinjue/klibc/commit/a31ae8c508fc8d1bca4f57e9f9f88127572d5202"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/huolinjue/klibc","events":[{"introduced":"0"},{"fixed":"2e48a12ab1e30d43498c2d53e878a11a1b5102d5"},{"fixed":"a31ae8c508fc8d1bca4f57e9f9f88127572d5202"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.0.9"}]}}],"versions":["klibc-0.1","klibc-0.10","klibc-0.100","klibc-0.101","klibc-0.102","klibc-0.103","klibc-0.104","klibc-0.105","klibc-0.106","klibc-0.107","klibc-0.108","klibc-0.109","klibc-0.11","klibc-0.110","klibc-0.111","klibc-0.112","klibc-0.113","klibc-0.114","klibc-0.115","klibc-0.116","klibc-0.117","klibc-0.118","klibc-0.119","klibc-0.12","klibc-0.120","klibc-0.121","klibc-0.122","klibc-0.123","klibc-0.124","klibc-0.125","klibc-0.126","klibc-0.127","klibc-0.128","klibc-0.129","klibc-0.13","klibc-0.130","klibc-0.131","klibc-0.132","klibc-0.133","klibc-0.134","klibc-0.135","klibc-0.136","klibc-0.137","klibc-0.138","klibc-0.139","klibc-0.14","klibc-0.140","klibc-0.141","klibc-0.142","klibc-0.143","klibc-0.144","klibc-0.145","klibc-0.146","klibc-0.147","klibc-0.148","klibc-0.149","klibc-0.15","klibc-0.150","klibc-0.151","klibc-0.152","klibc-0.153","klibc-0.154","klibc-0.155","klibc-0.156","klibc-0.157","klibc-0.158","klibc-0.159","klibc-0.16","klibc-0.160","klibc-0.161","klibc-0.162","klibc-0.163","klibc-0.164","klibc-0.165","klibc-0.166","klibc-0.167","klibc-0.168","klibc-0.169","klibc-0.17","klibc-0.170","klibc-0.171","klibc-0.172","klibc-0.173","klibc-0.174","klibc-0.175","klibc-0.176","klibc-0.177","klibc-0.178","klibc-0.179","klibc-0.18","klibc-0.180","klibc-0.181","klibc-0.182","klibc-0.183","klibc-0.184","klibc-0.185","klibc-0.186","klibc-0.187","klibc-0.188","klibc-0.189","klibc-0.19","klibc-0.190","klibc-0.191","klibc-0.192","klibc-0.193","klibc-0.194","klibc-0.195","klibc-0.196","klibc-0.197","klibc-0.198","klibc-0.199","klibc-0.2","klibc-0.20","klibc-0.200","klibc-0.201","klibc-0.202","klibc-0.203","klibc-0.204","klibc-0.205","klibc-0.206","klibc-0.207","klibc-0.208","klibc-0.209","klibc-0.21","klibc-0.210","klibc-0.211","klibc-0.212","klibc-0.213","klibc-0.214","klibc-0.215","klibc-0.216","klibc-0.217","klibc-0.22","klibc-0.23","klibc-0.24","klibc-0.25","klibc-0.26","klibc-0.27","klibc-0.28","klibc-0.29","klibc-0.3","klibc-0.30","klibc-0.31","klibc-0.32","klibc-0.33","klibc-0.34","klibc-0.35","klibc-0.36","klibc-0.37","klibc-0.38","klibc-0.39","klibc-0.4","klibc-0.40","klibc-0.41","klibc-0.42","klibc-0.43","klibc-0.45","klibc-0.46","klibc-0.47","klibc-0.49","klibc-0.5","klibc-0.50","klibc-0.51","klibc-0.52","klibc-0.53","klibc-0.54","klibc-0.55","klibc-0.56","klibc-0.57","klibc-0.58","klibc-0.59","klibc-0.6","klibc-0.60","klibc-0.61","klibc-0.62","klibc-0.63","klibc-0.64","klibc-0.65","klibc-0.66","klibc-0.67","klibc-0.68","klibc-0.69","klibc-0.7","klibc-0.70","klibc-0.71","klibc-0.72","klibc-0.73","klibc-0.74","klibc-0.75","klibc-0.76","klibc-0.77","klibc-0.78","klibc-0.79","klibc-0.8","klibc-0.80","klibc-0.81","klibc-0.82","klibc-0.83","klibc-0.84","klibc-0.85","klibc-0.86","klibc-0.87","klibc-0.88","klibc-0.89","klibc-0.9","klibc-0.90","klibc-0.91","klibc-0.92","klibc-0.93","klibc-0.94","klibc-0.95","klibc-0.96","klibc-0.97","klibc-0.98","klibc-0.99","klibc-1.0","klibc-1.0.1","klibc-1.0.10","klibc-1.0.11","klibc-1.0.12","klibc-1.0.13","klibc-1.0.14","klibc-1.0.2","klibc-1.0.3","klibc-1.0.4","klibc-1.0.5","klibc-1.0.6","klibc-1.0.7","klibc-1.0.8","klibc-1.0.9","klibc-1.1.1","klibc-1.1.10","klibc-1.1.11","klibc-1.1.12","klibc-1.1.13","klibc-1.1.14","klibc-1.1.15","klibc-1.1.16","klibc-1.1.2","klibc-1.1.3","klibc-1.1.5","klibc-1.1.6","klibc-1.1.7","klibc-1.1.8","klibc-1.1.9","klibc-1.2","klibc-1.2.1","klibc-1.2.2","klibc-1.2.3","klibc-1.2.4","klibc-1.2.5","klibc-1.2.7","klibc-1.2.8","klibc-1.3","klibc-1.3.1","klibc-1.3.11","klibc-1.3.12","klibc-1.3.13","klibc-1.3.14","klibc-1.3.15","klibc-1.3.17","klibc-1.3.18","klibc-1.3.19","klibc-1.3.2","klibc-1.3.20","klibc-1.3.21","klibc-1.3.22","klibc-1.3.23","klibc-1.3.24","klibc-1.3.25","klibc-1.3.26","klibc-1.3.28","klibc-1.3.29","klibc-1.3.3","klibc-1.3.30","klibc-1.3.31","klibc-1.3.32","klibc-1.3.33","klibc-1.3.34","klibc-1.3.35","klibc-1.3.36","klibc-1.3.37","klibc-1.3.38","klibc-1.3.39","klibc-1.3.40","klibc-1.3.6","klibc-1.3.7","klibc-1.4","klibc-1.4.1","klibc-1.4.10","klibc-1.4.11","klibc-1.4.12","klibc-1.4.13","klibc-1.4.14","klibc-1.4.16","klibc-1.4.17","klibc-1.4.18","klibc-1.4.2","klibc-1.4.21","klibc-1.4.22","klibc-1.4.23","klibc-1.4.24","klibc-1.4.25","klibc-1.4.26","klibc-1.4.27","klibc-1.4.28","klibc-1.4.29","klibc-1.4.3","klibc-1.4.30","klibc-1.4.31","klibc-1.4.32","klibc-1.4.33","klibc-1.4.34","klibc-1.4.35","klibc-1.4.36","klibc-1.4.39","klibc-1.4.4","klibc-1.4.5","klibc-1.4.6","klibc-1.4.7","klibc-1.4.8","klibc-1.4.9","klibc-1.5","klibc-1.5.1","klibc-1.5.10","klibc-1.5.11","klibc-1.5.12","klibc-1.5.13","klibc-1.5.14","klibc-1.5.15","klibc-1.5.16","klibc-1.5.17","klibc-1.5.18","klibc-1.5.19","klibc-1.5.2","klibc-1.5.20","klibc-1.5.21","klibc-1.5.22","klibc-1.5.23","klibc-1.5.24","klibc-1.5.25","klibc-1.5.3","klibc-1.5.4","klibc-1.5.5","klibc-1.5.6","klibc-1.5.7","klibc-1.5.8","klibc-1.5.9","klibc-2.0","klibc-2.0.1","klibc-2.0.2","klibc-2.0.3","klibc-2.0.4","klibc-2.0.5","klibc-2.0.6","klibc-2.0.7","klibc-2.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-31873.json","vanir_signatures":[{"id":"CVE-2021-31873-72e70cd3","signature_version":"v1","source":"https://github.com/huolinjue/klibc/commit/2e48a12ab1e30d43498c2d53e878a11a1b5102d5","target":{"file":"usr/utils/cpio.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["308283541531381744514487166056665852727","185068699135860301733489562560209838802","132144626656056469567345719663273201775","47804530823586436168056557717241444302"]},"deprecated":false},{"id":"CVE-2021-31873-abb2255b","signature_version":"v1","source":"https://github.com/huolinjue/klibc/commit/2e48a12ab1e30d43498c2d53e878a11a1b5102d5","target":{"function":"copyin_link","file":"usr/utils/cpio.c"},"signature_type":"Function","digest":{"length":697,"function_hash":"272096419306266800040729748449922772828"},"deprecated":false},{"id":"CVE-2021-31873-b9ffccc1","signature_version":"v1","source":"https://github.com/huolinjue/klibc/commit/a31ae8c508fc8d1bca4f57e9f9f88127572d5202","target":{"file":"usr/klibc/malloc.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["217924328770968556832553208148882712384","187361156840409739383989126867014420216","283857668055714559123873115374762873854"]},"deprecated":false},{"id":"CVE-2021-31873-d7e0cb41","signature_version":"v1","source":"https://github.com/huolinjue/klibc/commit/a31ae8c508fc8d1bca4f57e9f9f88127572d5202","target":{"function":"malloc","file":"usr/klibc/malloc.c"},"signature_type":"Function","digest":{"length":1034,"function_hash":"174256505860084667354504871651983070251"},"deprecated":false}],"vanir_signatures_modified":"2026-04-11T17:12:31Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}