CVE-2021-26461Integer Overflow or Wraparound in Software Foundation Apache Nuttx

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
9.8CRITICALNVD
EPSS
2.1%
top 16.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache NuttxApache Nuttx
Timeline
PublishedJun 21
Latest updateMay 24

Description

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDapache/nuttx< 10.1.0
CVEListV5apache_software_foundation/apache_nuttxApache NuttX10.1.0

🔴Vulnerability Details

2
GHSA
GHSA-h737-8f7x-38jh: Apache Nuttx Versions prior to 102022-05-24
CVEList
malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds2021-06-21
CVE-2021-26461 — Integer Overflow or Wraparound | cvebase