Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-22636
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-20 Nov, 2023 | 19:02
Updated At-03 Aug, 2024 | 18:44
Rejected At-
▼CVE Numbering Authority (CNA)
Texas Instruments TI-RTOS Integer Overflow or Wraparound

Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in 'HeapMem_allocUnprotected' and result in code execution.

Affected Products
Vendor
Texas Instruments
Product
CC32XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00.07 (custom)
Vendor
Texas Instruments
Product
SimpleLink MSP432E4XX
Default Status
unaffected
Versions
Affected
  • all versions
Vendor
Texas Instruments
Product
SimpleLink-CC13XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00 (custom)
Vendor
Texas Instruments
Product
SimpleLink-CC26XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.40.00 (custom)
Vendor
Texas Instruments
Product
SimpleLink-CC32XX
Default Status
unaffected
Versions
Affected
  • From 0 before 4.10.03 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-190CWE-190: Integer Overflow or Wraparound
Type: CWE
CWE ID: CWE-190
Description: CWE-190: Integer Overflow or Wraparound
Metrics
VersionBase scoreBase severityVector
3.17.4HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Texas Instruments CC32XX – Update to v4.40.00.07 Texas Instruments SimpleLink CC13X0 – Update to v4.10.03 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink CC13X2-CC26X2 – Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink CC2640R2 – Update to v4.40.00 https://www.ti.com/technologies/security/report-product-security-vulnerabilities.html Texas Instruments SimpleLink MSP432E4 – Confirmed. No update currently planned

Configurations
Workarounds
Exploits
Credits
finder
David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
N/A
https://www.ti.com/tool/TI-RTOS-MCU
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
Resource: N/A
Hyperlink: https://www.ti.com/tool/TI-RTOS-MCU
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
x_transferred
https://www.ti.com/tool/TI-RTOS-MCU
x_transferred
Hyperlink: https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
Resource:
x_transferred
Hyperlink: https://www.ti.com/tool/TI-RTOS-MCU
Resource:
x_transferred
Details not found