CVE-2021-27417
4.6
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H
Summary
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| eCosCentric | eCosPro RTOS | 2.0.1 <= 4.5.3 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04
- https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04
- https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.