Candidate: CVE-2021-3420
PublicDate: 2021-03-05 21:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3420
 https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e
Description:
 A flaw was found in newlib in versions prior to 4.0.0. Improper overflow
 validation in the memory allocation functions mEMALIGn, pvALLOc,
 nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow,
 leading to an allocation of a small buffer and then to a heap-based buffer
 overflow.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_newlib:
upstream_newlib: needs-triage
precise/esm_newlib: DNE
trusty_newlib: ignored (out of standard support)
trusty/esm_newlib: DNE
xenial_newlib: ignored (end of standard support, was needs-triage)
bionic_newlib: needs-triage
focal_newlib: needs-triage
groovy_newlib: ignored (reached end-of-life)
hirsute_newlib: ignored (reached end-of-life)
impish_newlib: needs-triage
jammy_newlib: needs-triage
devel_newlib: needs-triage