CVE-2021-22156

Sep 3, 2024

Published Date: 2021-08-17T19:15Z

Last Modified: 2021-08-30T11:26Z

CVSS Score: 9.8 (CRITICAL)

EPSS Score: 0.36%

Risk Score: 6.86 (HIGH)

Risk Score based on CVSS score and EPSS. This score is for reference purposes and is not internationally recognized.

CVSS: 9.8 | EPSS: 0.36%

NVD Links:

https://nvd.nist.gov/vuln/detail/CVE-2021-22156

Description: An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

Mitre ATT&CK Technical v15.1

T1592.002 – Software
T1053.002 – At

Technical Analysis & Mitigation Measures

Reference Links

https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL

Vendor - Produce - Version

qnx_software_development_platform - blackberry, qnx_software_development_platform - blackberry, qnx_software_development_platform - blackberry, qnx_os_for_medical - blackberry, qnx_os_for_safety - blackberry

Disclaimer

The content on this website is automatically sourced from external websites such as the National Vulnerability Database (NVD), GitHub, and other security-related sources. This content is for reference purposes only, and we are not responsible for the accuracy or integrity of the information linked or displayed from these sources.