CVE-2021-22156

Summary

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
BlackBerryQNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for SafetyQNX SDP 6.5.0 SP1 and earlieraffected
BlackBerryQNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for SafetyQNX OS for Medical 1.1 and earlieraffected
BlackBerryQNX Software Development Platform (SDP), QNX OS for Medical and QNX OS for SafetyQNX OS for Safety 1.0.1 and earlieraffected

Weaknesses

  • Denial of service or arbitrary code execution
  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References