CVE-2021-3420

Name of the Vulnerable Software and Affected Versions newlib versions prior to 4.0.0

Description A flaw was found in newlib due to improper overflow validation in memory allocation functions, such as mEMALIGn, pvALLOc, nano memalign, nano valloc, and nano pvalloc. This could cause an integer overflow, leading to the allocation of a small buffer and then to a heap-based buffer overflow. The issue is related to a whole number overflow, which can be exploited by a remote attacker to cause a buffer overflow.

Recommendations For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the vulnerable memory allocation functions until a patch is available.