Texas Instruments TI-RTOS, when configured to use HeapMem heap(default),
malloc returns a valid pointer to a small buffer on extremely large
values, which can trigger an integer overflow vulnerability in
'HeapMem_allocUnprotected' and result in code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 05:58
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.4 |
01 Dec 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:* |
|
First Time |
Ti simplelink Cc26xx Software Development Kit
Ti cc3230s Ti Ti cc3220r Ti cc3235sf Ti cc3200 Ti simplelink Msp432e411y Ti cc3220s Ti cc3230sf Ti cc3220sf Ti simplelink Cc32xx Software Development Kit Ti simplelink Msp432e401y Ti cc3235s Ti simplelink Cc13xx Software Development Kit Ti real-time Operating System |
|
CWE | CWE-190 |
21 Nov 2023, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-21 18:15
Updated : 2024-11-21 05:58
NVD link : CVE-2021-27502
Mitre link : CVE-2021-27502
CVE.ORG link : CVE-2021-27502
JSON object : View
Products Affected
ti
- cc3235s
- cc3235sf
- simplelink_cc13xx_software_development_kit
- cc3230s
- cc3220r
- cc3200
- simplelink_msp432e401y
- cc3230sf
- real-time_operating_system
- simplelink_cc32xx_software_development_kit
- simplelink_cc26xx_software_development_kit
- cc3220sf
- cc3220s
- simplelink_msp432e411y
CWE
CWE-190
Integer Overflow or Wraparound