- Vulnerability/
- CVE-2021-44479
CVE-2021-44479
First published: Wed Dec 01 2021(Updated: )
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nxp Kinetis K82 Firmware | ||
| NXP Kinetis K82 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-44479?
CVE-2021-44479 is a vulnerability that affects NXP Kinetis K82 devices, allowing a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode, resulting in the disclosure of protected flash memory.
How does CVE-2021-44479 affect NXP Kinetis K82 devices?
CVE-2021-44479 affects NXP Kinetis K82 devices by allowing a buffer over-read when a crafted wlength value is used in a GET Status-Other request during USB In-System Programming (ISP) mode, leading to the disclosure of protected flash memory.
What is the severity of CVE-2021-44479?
The severity of CVE-2021-44479 is medium, with a CVSS score of 5.5.
How can I fix CVE-2021-44479?
To fix CVE-2021-44479, it is recommended to apply the latest firmware update provided by NXP for the Kinetis K82 devices.
What is the Common Weakness Enumeration (CWE) for CVE-2021-44479?
The CWE for CVE-2021-44479 is CWE-125 (Out-of-bounds Read).
- collector/nvd-index
- vendor/nxp
- product/kinetis k82 firmware
- canonical/nxp kinetis k82 firmware
- product/kinetis k82
- canonical/nxp kinetis k82