debian · CVE-2021-3420

Quick triage

Priority: not yet assigned Published: Updated: Fri, 17 Jul 2026 14:09:35 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2021-3420 not yet assigned priority: Debian including 2 source packages (newlib, picolibc), 10 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 9, open 1.

Description:

A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.

cvelogic Threat Intelligence