
CVE-2021-27421

Published: 03/05/2022 Updated: 12/05/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

NXP MCUXpresso SDK versions before 2.8.2 are vulnerable to an integer overflow in the SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigning a particular block of memory from the heap via malloc.

Vulnerable Product

nxp mcuxpresso software development kit

ICS Advisories

Multiple RTOS (Update D)
Critical Infrastructure Sectors: Energy

Github Repositories

Randezvous is a randomization-based control-flow hijacking defense on ARM microcontrollers (MCUs),

The Randezvous Project. This repository contains and organizes code that we used to evaluate Randezvous. Brief Introduction: Randezvous is a software defense against control-flow hijacking attacks on embedded microcontroller (MCU) systems, built up on diversification and eXecute-Only Memory (XOM). Unlike other control-flow hijacking defenses on MCU systems, Randezvous assumes a b