CRITICAL🇬🇧 English

CVE-2020-35198

CVSS 9.8v3.1pub. 2021-05-12upd. 2024-11-21

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Oracle Communications Eagle

    APP
    Oracle
    46.7.046.8.0 – 46.8.246.9.1 – 46.9.3
  • Windriver Vxworks

    OS
    Windriver
    6.9.4.126.9 – 6.9.4.12 (bez)7.0 – 21.03 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-29999CRITICAL9.8ten sam produkt

An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.

CVE-2021-29998CRITICAL9.8ten sam produkt

An issue was discovered in Wind River VxWorks before 6.5. There is a possible heap overflow in dhcp client.

CVE-2016-20009CRITICAL9.8ten sam produkt

A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOT...

CVE-2020-10288CRITICAL9.8ten sam produkt

IRC5 exposes an ftp server (port 21). Upon attempting to gain access you are challenged with a request of user...

CVE-2019-12262CRITICAL9.8ten sam produkt

Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET s...