Integer Wraparound in calloc Function Leading to Heap-Based Buffer Overflow in eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3

CVE-2021-27417 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.