[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementatio
From:       Brennan Ashton <btashton () apache ! org>
Date:       2021-06-21 15:37:01
Message-ID: 262c7ab7f2cbc14ba3fe9deb29d173067918b289.camel () apache ! org
[Download RAW message or body]

Description:

Apache Nuttx (incubating) versions prior to 10.1.0 are vulnerable to
integer wrap-around in functions malloc, realloc and memalign. This
improper memory assignment can lead to arbitrary memory allocation,
resulting in unexpected behavior such as a crash or a remote code
injection/execution. 

This issue is also known as BadAlloc

Credit:

Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure
Defender for IoT of Microsoft Corp for bringing this issue to our
attention.

--Brennan Ashton

[prev in list] [next in list] [prev in thread] [next in thread]