Lucene search

IcscertCVELIST:CVE-2021-27411

HistoryMay 03, 2022 - 8:18 p.m.

CVE-2021-27411 Micrium OS Integer Overflow or Wraparound

2022-05-0320:18:42

CWE-190

icscert

www.cve.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

36.8%

JSON

Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.

CNA Affected

[
  {
    "product": "Micrium OS",
    "vendor": "Micrium",
    "versions": [
      {
        "lessThanOrEqual": "5.10.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-21-119-04

www.silabs.com/developers/micrium-os

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVELIST:CVE-2021-27411