2 matches found
CVE-2021-27427
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2021-27417
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc an implementation of malloc. The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow...