CVE-2021-22636

Published: Nov 20, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

Affected (6)

Products: Ti: Real Time Operating System, Simplelink Cc13xx Software Development Kit, Simplelink Cc26xx Software Development Kit, Simplelink Cc32xx Software Development Kit, Simplelink Msp432e401y, Simplelink Msp432e411y

6 products

Real Time Operating System

Simplelink Cc13xx Software Development Kit

Simplelink Cc26xx Software Development Kit

Simplelink Cc32xx Software Development Kit

Simplelink Msp432e401y

Simplelink Msp432e411y

Configuration A

1 vulnerable · 8 platform

Vulnerable Software	Affected Versions
Ti Real Time Operating System	All versions

Running on/with	Platform Versions
Ti Cc3200	All versions
Ti Cc3220r	All versions
Ti Cc3220s	All versions
Ti Cc3220sf	All versions
Ti Cc3230s	All versions
Ti Cc3230sf	All versions
Ti Cc3235s	All versions
Ti Cc3235sf	All versions

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Ti Simplelink Cc13xx Software Development Kit	Before 4.40.00
Ti Simplelink Cc26xx Software Development Kit	Before 4.40.00
Ti Simplelink Cc32xx Software Development Kit	Before 4.10.03
Ti Simplelink Msp432e401y	All versions
Ti Simplelink Msp432e411y	All versions