CVE-2021-22156

Published: 17/08/2021 Updated: 30/08/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 605
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier could allow a malicious user to cause a denial of service or execute arbitrary code. The defect is in the size computation: the element count multiplied by the element size can wrap around in the allocator's size type, so a request for a very large buffer silently returns a much smaller one, and the caller's subsequent writes overrun the heap allocation.
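The following C program is an added example, not code from BlackBerry QNX or from the advisory, that models the integer-overflow pattern the summary describes: a calloc() size computation that multiplies nmemb by size in a 32-bit size type without checking for wraparound, beside a checked version that rejects the request before allocating. The size32_t type, the function names and the sample arguments are assumptions chosen so the wraparound is visible on a 64-bit host; they do not reproduce the QNX allocator itself.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption for illustration: model a 32-bit size_t explicitly so the
 * wraparound shows on any host, including a 64-bit one. */
typedef uint32_t size32_t;

/* Unchecked size computation, the BadAlloc pattern: nmemb * size is reduced
 * modulo 2^32, so a huge request silently becomes a small allocation. */
static size32_t naive_calloc_bytes(size32_t nmemb, size32_t size)
{
    return nmemb * size;
}

/* Checked size computation: refuse before multiplying when the product
 * cannot fit.  Returns 0 on success, -1 with errno = ENOMEM on overflow. */
static int checked_calloc_bytes(size32_t nmemb, size32_t size, size32_t *out)
{
    if (nmemb != 0 && size > UINT32_MAX / nmemb) {
        errno = ENOMEM;
        return -1;
    }
    *out = nmemb * size;
    return 0;
}

/* Hardened calloc built on the checked computation (illustrative only). */
static void *checked_calloc(size32_t nmemb, size32_t size)
{
    size32_t bytes;
    if (checked_calloc_bytes(nmemb, size, &bytes) != 0)
        return NULL;
    void *p = malloc(bytes ? bytes : 1);
    if (p)
        memset(p, 0, bytes);
    return p;
}

/* Bytes a caller that trusts the naive result would write past the end of
 * the allocation when it fills all nmemb elements: true product minus what
 * was actually allocated (0 when no wraparound occurred). */
static uint64_t naive_overrun_bytes(size32_t nmemb, size32_t size)
{
    uint64_t wanted = (uint64_t)nmemb * (uint64_t)size;
    return wanted - (uint64_t)naive_calloc_bytes(nmemb, size);
}

int main(void)
{
    /* Constructed attacker-controlled arguments: 0x10000 elements of 0x10001
     * bytes.  The true product 0x100010000 needs 33 bits and wraps to 0x10000. */
    size32_t nmemb = 0x10000u, size = 0x10001u, bytes = 0;

    printf("naive:   allocates %u bytes, caller overruns by %llu bytes\n",
           naive_calloc_bytes(nmemb, size),
           (unsigned long long)naive_overrun_bytes(nmemb, size));

    if (checked_calloc_bytes(nmemb, size, &bytes) != 0)
        printf("checked: rejected (errno=%d ENOMEM)\n", errno);
    else
        printf("checked: %u bytes\n", bytes);

    /* An ordinary request still succeeds through the checked path. */
    void *p = checked_calloc(16, 4);
    printf("checked_calloc(16, 4) -> %s\n", p ? "64 zeroed bytes" : "NULL");
    free(p);
    return 0;
}
```

The ordering is the whole point: the bounds test must run on nmemb and size before the multiplication, because once the product has wrapped there is nothing left to check. On the 32-bit targets the advisory lists, the native size_t behaves like size32_t here, so no artificial narrowing is needed for the wraparound to occur.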

Vulnerable Products

blackberry qnx software development platform

blackberry qnx software development platform 6.5.0

blackberry qnx os for medical

blackberry qnx os for safety

Vendor Advisories

On August 17, 2021, BlackBerry released a security advisory, QNX-2021-001, that disclosed an integer overflow vulnerability in the following BlackBerry software releases: QNX Software Development Platform (SDP) 6.5.0SP1 and earlier; QNX OS for Medical 1.1 and earlier; QNX OS for Safety 1.0.1 and earlier. A successful exploit could allow an at ...

ICS Advisories

Multiple RTOS (Update D)
Critical Infrastructure Sectors: Energy

Recent Articles

After reportedly dragging its feet, BlackBerry admits, yes, QNX in cars, equipment suffers from BadAlloc bug
The Register • Thomas Claburn in San Francisco • 19 Aug 2021

Four months after Microsoft went public, ex-RIM biz puts its hand up

BlackBerry this week issued a critical security advisory for past versions of its QNX Real Time Operating System (RTOS), used in more than 175m cars, medical equipment, and industrial systems. BlackBerry QNX Software Development Platform (SDP) version 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 are affected by an integer overflow vulnerability in the calloc() function of the C runtime library. The flaw, identified as CVE-2021-22156 with a CVSS (severity)...