CVE-2021-27427
published 2022-05-03CVE-2021-27427: RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation…
PriorityP353critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.53%
71.6th percentile
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| riot-os | riot | — | — |
| riot_os | riot_os | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xw8p-6vv6-4c5g: RIOT OS version 2020
ghsa_unreviewed·2022-05-04
CVE-2021-27427 [CRITICAL] CWE-190 GHSA-xw8p-6vv6-4c5g: RIOT OS version 2020
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
CISA ICS
Multiple RTOS (Update E)
cisa_ics·2021-11-30
Multiple RTOS (Update E)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Multiple RTOS (Update E)
Last RevisedApril 19, 2022
Alert CodeICSA-21-119-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Multiple
- Equipment: Multiple
- Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and oth
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-05-03
Published