First published: Tue May 03 2022(Updated: )
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Mongoose OS | =2.17.0 | |
Amazon FreeRTOS | ||
Apache NuttX | ||
ARM CMSIS-RTOS2 | ||
Arm Mbed OS | ||
Arm Mbed ualloc | ||
QNX | ||
BlackBerry QNX OS for Safety | ||
BlackBerry QNX OS for Medical | ||
QNX | ||
Mongoose OS | ||
eCosCentric eCosPro RTOS | ||
Google Cloud IoT Device SDK | ||
MediaTek LinkIt SDK | ||
Micrium OS | ||
Micrium uC/OS | ||
NXP MCUXpresso SDK | ||
NXP MQX | ||
newlib | ||
RIOT OS | ||
Samsung Tizen RT | ||
TencentOS-tiny | ||
Texas Instruments SimpleLink CC32XX | ||
Texas Instruments SimpleLink MSP432E4 SDK | ||
Texas Instruments SimpleLink CC13X2 SDK | ||
Texas Instruments SimpleLink CC26XX | ||
Texas Instruments SimpleLink CC32XX | ||
uClibc | ||
Wind River VxWorks | ||
Zephyr Project RTOS |
Cesanta Software Mongoose update available
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-27425 is a vulnerability in Cesanta Software Mongoose-OS v2.17.0 that allows for integer wrap-around in the function mm_malloc, leading to arbitrary memory allocation and potential remote code injection/execution.
CVE-2021-27425 has a severity rating of 9.8, which is considered critical.
The CVE-2021-27425 vulnerability can be exploited by triggering the integer wrap-around in the mm_malloc function, allowing for arbitrary memory allocation and potential remote code injection or execution.
CVE-2021-27425 affects Mongoose-OS version 2.17.0.
Currently, there are no known mitigations for CVE-2021-27425. It is recommended to update to a patched version of Mongoose-OS when available.