CVE-2021-31870

9.8 CRITICAL

📋 TL;DR

CVE-2021-31870 is an integer overflow vulnerability in klibc's calloc() function: the product of the element count and element size can wrap, so a much smaller buffer than requested is allocated and later writes into it become a heap buffer overflow. This allows attackers to potentially execute arbitrary code or crash affected systems. Systems using klibc versions before 2.0.9 are vulnerable.
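The following is an added illustration, not klibc's own code or the upstream patch. It shows the defect class the advisory describes (an unchecked nmemb * size product in a calloc-style allocator) next to a checked variant that refuses any request whose product would wrap. Function names (unchecked_alloc_size, mul_would_overflow, safe_calloc and the two helpers) are hypothetical; the wrapping request value is constructed so that it wraps on any word width.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The unchecked pattern: nmemb * size is computed modulo SIZE_MAX + 1, so an
 * enormous request can silently become a tiny allocation. The caller then
 * writes nmemb * size bytes into it, overrunning the heap chunk. */
size_t unchecked_alloc_size(size_t nmemb, size_t size)
{
    return nmemb * size;   /* may wrap; this is the advisory's defect class */
}

/* Returns 1 if nmemb * size does not fit in a size_t, 0 otherwise.
 * Division-based check: portable C99, no compiler builtins required. */
int mul_would_overflow(size_t nmemb, size_t size)
{
    if (nmemb == 0 || size == 0)
        return 0;
    return size > SIZE_MAX / nmemb;
}

/* Hardened calloc-style allocator (hypothetical name): rejects wrapped
 * products with ENOMEM instead of handing back an undersized buffer. */
void *safe_calloc(size_t nmemb, size_t size)
{
    if (mul_would_overflow(nmemb, size)) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = nmemb * size;
    void *p = malloc(total ? total : 1);   /* avoid a zero-byte malloc */
    if (p)
        memset(p, 0, total);
    return p;
}

/* Helper: allocate nmemb * size bytes via safe_calloc and confirm every byte
 * is zero. Returns 1 on success, 0 if the request was refused or not zeroed. */
int safe_calloc_is_zeroed(size_t nmemb, size_t size)
{
    unsigned char *buf = safe_calloc(nmemb, size);
    if (!buf)
        return 0;
    size_t total = nmemb * size;
    int ok = 1;
    for (size_t i = 0; i < total; i++) {
        if (buf[i] != 0) {
            ok = 0;
            break;
        }
    }
    free(buf);
    return ok;
}

/* Helper: a constructed request whose product wraps to 4 bytes on any
 * word width. The unchecked path would allocate 4 bytes; the checked path
 * must return NULL with errno set to ENOMEM. Returns 1 if rejected correctly. */
int rejects_wrapping_request(void)
{
    size_t nmemb = SIZE_MAX / 4 + 2;   /* (2^(w-2) + 1) * 4 == 2^w + 4 -> wraps to 4 */
    errno = 0;
    void *p = safe_calloc(nmemb, 4);
    int rejected = (p == NULL && errno == ENOMEM);
    free(p);   /* no-op when p is NULL */
    return rejected;
}

int main(void)
{
    size_t nmemb = SIZE_MAX / 4 + 2;
    printf("unchecked product for wrapping request: %zu bytes\n",
           unchecked_alloc_size(nmemb, 4));
    printf("checked allocator rejects it: %s\n",
           rejects_wrapping_request() ? "yes" : "no");
    printf("normal request zeroed: %s\n",
           safe_calloc_is_zeroed(16, sizeof(int)) ? "yes" : "no");
    return 0;
}
```

The check `size > SIZE_MAX / nmemb` is the standard division form; compilers that provide `__builtin_mul_overflow` can use it instead, but the division form has no toolchain dependency and is what a reviewer should expect to see in any allocator that multiplies caller-supplied sizes.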

💻 Affected Systems

Products:
  • klibc
Versions: All versions before 2.0.9
Operating Systems: Linux distributions that include klibc
Default Config Vulnerable: ⚠️ Yes
Notes: Klibc is used by various Linux utilities and initramfs tools; impact depends on how calloc() is invoked in specific applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, privilege escalation, or denial of service.

🟠 Likely Case

Application crashes or denial of service affecting system stability.

🟢 If Mitigated

Limited impact if proper memory protections (ASLR, stack canaries) are enabled and the vulnerability is not reachable.

🌐 Internet-Facing: MEDIUM - Requires specific conditions to be exploitable remotely, but klibc is used in various system utilities.
🏢 Internal Only: MEDIUM - Similar risk profile as internet-facing, but attack surface may be reduced in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires control over calloc() parameters to trigger integer overflow; no public exploits have been documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.9

Vendor Advisory: https://lists.zytor.com/archives/klibc/2021-April/004593.html

Restart Required: Yes

Instructions:

1. Update klibc to version 2.0.9 or later.
2. Rebuild any initramfs images that include klibc.
3. Reboot the system to ensure updated libraries are loaded.

🔧 Temporary Workarounds

Disable vulnerable utilities (Linux)

Identify and disable applications that use the vulnerable klibc calloc() function.

Identify using: ldd /path/to/binary | grep klibc
Disable or remove affected binaries.

🧯 If You Can't Patch

  • Implement strict access controls to limit who can execute klibc-dependent applications.
  • Enable security mitigations like ASLR and stack canaries to reduce exploit success probability.

🔍 How to Verify

Check if Vulnerable:

Check klibc version: dpkg -l | grep klibc (Debian/Ubuntu) or rpm -qa | grep klibc (RPM-based distributions)

Check Version:

klibc-version 2>/dev/null || echo "Check via package manager"

Verify Fix Applied:

Verify klibc version is 2.0.9 or higher using package manager commands.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults in klibc-dependent programs
  • Unexpected memory allocation patterns

Network Indicators:

  • None specific to this vulnerability

SIEM Query:

Search for process crashes involving klibc libraries or initramfs utilities.
