CVE-2021-22547 – In IoT Devices SDK, there is an implementation of calloc() that doesn’t have a length chec …

4 May 2021

Vuln ID: CVE-2021-22547

Published: 2021-05-04 13:15:07Z

Description: In IoT Devices SDK, there is an implementation of calloc() that doesn’t have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater.

Source: NVD.NIST.GOV

Date:

4 May 2021

Categorie(s):

NVD

Tag(s):

NVD

Navigating the ethical frontiers of our digital ecosystem23 April 2024
CIO interview – Dinkar Gupta of KPMG creates a culture for learning23 April 2024
Leicester streetlights take ransomware attack personally, shine on 24/723 April 2024
Veeam acquires Coveware to bolster its ransomware incident response capabilities23 April 2024
German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies23 April 2024