CVE-2021-43268 — Double Free in Vxworks

CWE-415 — Double Free3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Windriver Vxworks

Timeline

PublishedNov 24

Latest updateNov 25

Description

An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

▶NVDwindriver/vxworks6.9 — 7.0

🔴Vulnerability Details

GHSA

GHSA-cpcp-g87h-g6h3: An issue was discovered in VxWorks 6↗2021-11-25

▶

CVEList

CVE-2021-43268: An issue was discovered in VxWorks 6↗2021-11-24

▶