cbcvebase.
CVE-2021-22156
published 2021-08-17

CVE-2021-22156: An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP)…

PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.80%
75.7th percentile
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

Affected

4 ranges
VendorProductVersion rangeFixed in
blackberryqnx_os_for_medical<= 1.1.1
blackberryqnx_os_for_safety<= 1.0.2
blackberryqnx_software_development_platform< 6.5.06.5.0
blackberryqnx_software_development_platform

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.