[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE-2021-26461: Apache NuttX (incubating): malloc, realloc and memalign implementatio
From: Brennan Ashton <btashton () apache ! org>
Date: 2021-06-21 15:37:01
Message-ID: 262c7ab7f2cbc14ba3fe9deb29d173067918b289.camel () apache ! org
[Download RAW message or body]
Description:
Apache Nuttx (incubating) versions prior to 10.1.0 are vulnerable to
integer wrap-around in functions malloc, realloc and memalign. This
improper memory assignment can lead to arbitrary memory allocation,
resulting in unexpected behavior such as a crash or a remote code
injection/execution.
This issue is also known as BadAlloc
Credit:
Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure
Defender for IoT of Microsoft Corp for bringing this issue to our
attention.
--Brennan Ashton
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic