CVE-2021-27417 Vulnerability Details

  /     /     /  

CVE-2021-27417 Metadata Quick Info

CVE Published: 03/05/2022 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: icscert | Vendor: eCosCentric | Product: eCosPro RTOS
Status : PUBLISHED

CVE-2021-27417 Description

eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.

Metrics

CVSS Version: 3.1 | Base Score: 4.6 MEDIUM
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* LOCAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* HIGH
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-190
CWE Name: CWE-190 Integer Overflow or Wraparound
Source: eCosCentric

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-27417 Vulnerability Details