Vulnerabilities (CVE)

Filtered by vendor Google Subscribe
Filtered by product Cloud Iot Device Sdk For Embedded C
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-22547 1 Google 1 Cloud Iot Device Sdk For Embedded C 2024-11-21 4.6 MEDIUM 6.3 MEDIUM
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.