CVE-2021-27429

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 Third Party Advisory US Government Resource
https://www.ti.com/tool/TI-RTOS-MCU Product
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*
OR cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*

History

01 Dec 2023, 20:53

Type Values Removed Values Added
CWE CWE-190
First Time Ti cc3235sf
Ti cc3235s
Ti cc3230sf
Ti simplelink Cc26xx Software Development Kit
Ti simplelink Msp432e401y
Ti simplelink Cc32xx Software Development Kit
Ti
Ti cc3200
Ti simplelink Msp432e411y
Ti cc3230s
Ti cc3220sf
Ti real-time Operating System
Ti cc3220s
Ti cc3220r
Ti simplelink Cc13xx Software Development Kit
References () https://www.ti.com/tool/TI-RTOS-MCU - () https://www.ti.com/tool/TI-RTOS-MCU - Product
References () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - () https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 - Third Party Advisory, US Government Resource
CPE cpe:2.3:a:ti:simplelink_cc32xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3200:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e401y:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc26xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230s:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_cc13xx_software_development_kit:*:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220r:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235sf:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220sf:-:*:*:*:*:*:*:*
cpe:2.3:a:ti:simplelink_msp432e411y:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3235s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3220s:-:*:*:*:*:*:*:*
cpe:2.3:h:ti:cc3230sf:-:*:*:*:*:*:*:*
cpe:2.3:o:ti:real-time_operating_system:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

20 Nov 2023, 19:18

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-20 19:15

Updated : 2024-02-28 20:54


NVD link : CVE-2021-27429

Mitre link : CVE-2021-27429

CVE.ORG link : CVE-2021-27429


JSON object : View

Products Affected

ti

  • real-time_operating_system
  • cc3235sf
  • cc3235s
  • cc3230sf
  • simplelink_msp432e401y
  • simplelink_cc26xx_software_development_kit
  • cc3220r
  • cc3200
  • cc3220s
  • cc3230s
  • simplelink_cc32xx_software_development_kit
  • simplelink_msp432e411y
  • simplelink_cc13xx_software_development_kit
  • cc3220sf
CWE
CWE-190

Integer Overflow or Wraparound