Filtered by vendor Google
Subscribe
Filtered by product Cloud Iot Device Sdk For Embedded C
Subscribe
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-22547 | 1 Google | 1 Cloud Iot Device Sdk For Embedded C | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater. |