CVE-2021-30636
published 2022-01-24
Priority: P346, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.47% (70.6th percentile)
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mediatek | linkit_software_development_kit | < 4.6.1 | 4.6.1 |
CVSS provenance
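| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |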
GHSA
GHSA-gc9h-g4qm-fgcv: In MediaTek LinkIt SDK before 4
ghsa_unreviewed·2022-01-25
CVE-2021-30636 [CRITICAL] CWE-190 GHSA-gc9h-g4qm-fgcv: In MediaTek LinkIt SDK before 4
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
CISA ICS
Multiple RTOS (Update E)
cisa_ics·2021-11-30
ICS Advisory
## Multiple RTOS (Update E)
Last Revised: April 19, 2022
Alert Code: ICSA-21-119-04
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendors: Multiple
- Equipment: Multiple
- Vulnerabilities: Integer Overflow or Wraparound
CISA is aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries. CISA is issuing this advisory to provide early notice of the reported vulnerabilities and identify baseline mitigations for reducing risks to these and oth