Description
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
References
- Permissions Required, Vendor Advisory
- Third Party Advisory, US Government Resource
- Permissions Required, Vendor Advisory
- Third Party Advisory, US Government Resource
Vulnerable configurations
Configuration 1: versions from 2.0.1 (inclusive) to 4.5.3 (inclusive)
cpe:2.3:a:ecoscentric:ecospro:*:*:*:*:*:*:*:*
EPSS
Percentile: 40%
0.00182
Low
4.6 Medium
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Weaknesses
CWE-190
CWE-190
Related vulnerabilities
CVSS3: 9.8
github
almost 4 years ago
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.