CVE-2021-27429

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

Configurations

Configuration 1

AND
cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*
OR cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:57

Type | Values Removed | Values Added
References | https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource | https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource
References | https://www.ti.com/tool/TI-RTOS-MCU - Product | https://www.ti.com/tool/TI-RTOS-MCU - Product
CVSS | v2 : unknown; v3 : 7.8 | v2 : unknown; v3 : 7.4

01 Dec 2023, 20:53

Type | Values Removed | Values Added
References | https://www.ti.com/tool/TI-RTOS-MCU - | https://www.ti.com/tool/TI-RTOS-MCU - Product
References | https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - | https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource
First Time | | Ti cc3235sf; Ti cc3235s; Ti cc3230sf; Ti simplelink Cc26xx Software Development Kit; Ti simplelink Msp432e401y; Ti simplelink Cc32xx Software Development Kit; Ti; Ti cc3200; Ti simplelink Msp432e411y; Ti cc3230s; Ti cc3220sf; Ti real-time Operating System; Ti cc3220s; Ti cc3220r; Ti simplelink Cc13xx Software Development Kit
CWE | | CWE-190
CPE | | (added entries listed below)
  cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
  cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*
  cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
  cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
  cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
  cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
  cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 7.8

20 Nov 2023, 19:18

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-11-20 19:15

Updated : 2024-11-21 05:57


NVD link : CVE-2021-27429

Mitre link : CVE-2021-27429

CVE.ORG link : CVE-2021-27429

Products Affected

ti

  • cc3200
  • cc3230s
  • simplelink_msp432e411y
  • cc3235sf
  • simplelink_cc26xx_software_development_kit
  • real-time_operating_system
  • cc3230sf
  • cc3235s
  • simplelink_msp432e401y
  • cc3220s
  • simplelink_cc13xx_software_development_kit
  • cc3220sf
  • simplelink_cc32xx_software_development_kit
  • cc3220r
CWE
CWE-190

Integer Overflow or Wraparound