Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 05:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
01 Dec 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:* |
|
CWE | CWE-190 | |
First Time |
Ti simplelink Cc26xx Software Development Kit
Ti cc3230s Ti Ti cc3220r Ti cc3235sf Ti cc3200 Ti simplelink Msp432e411y Ti cc3220s Ti cc3230sf Ti cc3220sf Ti simplelink Cc32xx Software Development Kit Ti simplelink Msp432e401y Ti cc3235s Ti simplelink Cc13xx Software Development Kit Ti real-time Operating System |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
20 Nov 2023, 19:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 19:15
Updated : 2024-11-21 05:57
NVD link : CVE-2021-27429
Mitre link : CVE-2021-27429
CVE.ORG link : CVE-2021-27429
JSON object : View
Products Affected
ti
- cc3235s
- cc3235sf
- simplelink_cc13xx_software_development_kit
- cc3230s
- cc3220r
- cc3200
- simplelink_msp432e401y
- cc3230sf
- real-time_operating_system
- simplelink_cc32xx_software_development_kit
- simplelink_cc26xx_software_development_kit
- cc3220sf
- cc3220s
- simplelink_msp432e411y
CWE
CWE-190
Integer Overflow or Wraparound