Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
01 Dec 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:* cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Ti cc3235sf
Ti cc3235s Ti cc3230sf Ti simplelink Cc26xx Software Development Kit Ti simplelink Msp432e401y Ti simplelink Cc32xx Software Development Kit Ti Ti cc3200 Ti simplelink Msp432e411y Ti cc3230s Ti cc3220sf Ti real-time Operating System Ti cc3220s Ti cc3220r Ti simplelink Cc13xx Software Development Kit |
20 Nov 2023, 19:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2021-22636
Mitre link : CVE-2021-22636
CVE.ORG link : CVE-2021-22636
JSON object : View
Products Affected
ti
- real-time_operating_system
- cc3230s
- cc3235sf
- simplelink_cc13xx_software_development_kit
- simplelink_msp432e401y
- cc3235s
- cc3200
- simplelink_cc26xx_software_development_kit
- cc3220sf
- cc3220r
- simplelink_cc32xx_software_development_kit
- cc3230sf
- simplelink_msp432e411y
- cc3220s
CWE
CWE-190
Integer Overflow or Wraparound