Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 | Third Party Advisory US Government Resource |
https://www.ti.com/tool/TI-RTOS-MCU | Product |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
01 Dec 2023, 20:53
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 | |
First Time |
Ti cc3235sf
Ti cc3235s Ti cc3230sf Ti simplelink Cc26xx Software Development Kit Ti simplelink Msp432e401y Ti simplelink Cc32xx Software Development Kit Ti Ti cc3200 Ti simplelink Msp432e411y Ti cc3230s Ti cc3220sf Ti real-time Operating System Ti cc3220s Ti cc3220r Ti simplelink Cc13xx Software Development Kit |
|
References | () https://www.ti.com/tool/TI-RTOS-MCU - Product | |
References | () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | |
CPE | cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:* cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:* cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:* cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
20 Nov 2023, 19:18
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-20 19:15
Updated : 2024-02-28 20:54
NVD link : CVE-2021-27429
Mitre link : CVE-2021-27429
CVE.ORG link : CVE-2021-27429
JSON object : View
Products Affected
ti
- real-time_operating_system
- cc3235sf
- cc3235s
- cc3230sf
- simplelink_msp432e401y
- simplelink_cc26xx_software_development_kit
- cc3220r
- cc3200
- cc3220s
- cc3230s
- simplelink_cc32xx_software_development_kit
- simplelink_msp432e411y
- simplelink_cc13xx_software_development_kit
- cc3220sf
CWE
CWE-190
Integer Overflow or Wraparound