An issue was discovered in klibc before 2.0.9. Multiple possible integer overflows in the cpio command on 32-bit systems may result in a buffer overflow or other security impact.
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
| Link | Tags |
|---|---|
| https://kernel.org/pub/linux/libs/klibc/2.0/ | third party advisory release notes |
| https://lists.zytor.com/archives/klibc/2021-April/004593.html | mailing list release notes third party advisory |
| https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff | third party advisory patch |
| http://www.openwall.com/lists/oss-security/2021/04/30/1 | mailing list release notes third party advisory |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00025.html | third party advisory mailing list |