CVE-2021-26461 - OpenCVE

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Nuttx

Configuration 1 [-]

cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2021-06-21T17:10:11

Updated: 2024-08-03T20:26:25.470Z

Reserved: 2021-01-30T00:00:00

Link: CVE-2021-26461

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-21T17:15:09.103

Modified: 2021-06-24T19:30:09.520

Link: CVE-2021-26461

Redhat

No data.

{"containers": {"cna": {"affected": [{"platforms": [" INTEGER OVERFLOW OR WRAPAROUND CWE-190"], "product": "Apache NuttX", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "10.1.0", "status": "affected", "version": "Apache NuttX", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."}], "descriptions": [{"lang": "en", "value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "INTEGER OVERFLOW OR WRAPAROUND CWE-190", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-21T17:10:10", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"}], "source": {"discovery": "UNKNOWN"}, "title": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "BadAlloc", "ASSIGNER": "security@apache.org", "ID": "CVE-2021-26461", "STATE": "PUBLIC", "TITLE": "malloc, realloc and memalign implementations are vulnerable to integer wrap-arounds"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache NuttX", "version": {"version_data": [{"platform": " INTEGER OVERFLOW OR WRAPAROUND CWE-190", "version_affected": "<", "version_name": "Apache NuttX", "version_value": "10.1.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "Apache NuttX would like to thank Omri Ben-Bassat of Section 52 at Azure Defender for IoT of Microsoft Corp for bringing this issue to our attention."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INTEGER OVERFLOW OR WRAPAROUND CWE-190"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"}]}, "source": {"discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:26:25.470Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-26461", "datePublished": "2021-06-21T17:10:11", "dateReserved": "2021-01-30T00:00:00", "dateUpdated": "2024-08-03T20:26:25.470Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:nuttx:*:*:*:*:*:*:*:*", "matchCriteriaId": "51892CA5-29E2-45AF-9BDC-BA900F75A602", "versionEndExcluding": "10.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution."}, {"lang": "es", "value": "Apache Nuttx versiones anteriores a 10.1.0, son vulnerables a una envoltura de enteros en las funciones malloc, realloc y memalign. Esta asignaci\u00f3n de memoria inapropiada puede conllevar a una asignaci\u00f3n de memoria arbitraria, resultando en un comportamiento inesperado, tal y como un bloqueo o una inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo remota"}], "id": "CVE-2021-26461", "lastModified": "2021-06-24T19:30:09.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-21T17:15:09.103", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "security@apache.org", "type": "Secondary"}]}