CVE-2021-27502

Summary

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

Affected Software

VendorProductVersion RangeStatus
Texas InstrumentsCC32XX0 < 4.40.00.07affected
Texas InstrumentsSimpleLink MSP432E4XXall versionsaffected
Texas InstrumentsSimpleLink-CC13XX0 < 4.40.00affected
Texas InstrumentsSimpleLink-CC26XX0 < 4.40.00affected
Texas InstrumentsSimpleLink-CC32XX0 < 4.10.03affected

Weaknesses

  • CWE-190: CWE-190: Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References