https://bugzilla.suse.com/show_bug.cgi?id=1199186 Bug ID: 1199186 Summary: VUL-1: CVE-2021-27419: klee-uclibc: uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.4 Hardware: Other URL: https://smash.suse.de/issue/330633/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: jslaby@suse.com Reporter: cathy.hu@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2021-27419 uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27419 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27419 https://downloads.uclibc-ng.org/releases/ https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 -- You are receiving this mail because: You are on the CC list for the bug.