Integer Overflow or Wraparound Affecting nuttx package, versions [,10.1.0)


Severity

critical

CVSS assessment by Snyk's Security Team.

Threat Intelligence

EPSS
2.05% (84th percentile)

  • Snyk ID: SNYK-UNMANAGED-NUTTX-2370330
  • Published: 26 Jan 2022
  • Disclosed: 21 Jun 2021
  • Credit: Unknown

Introduced: 21 Jun 2021

CVE-2021-26461
CWE-190

How to fix?

Upgrade nuttx to version 10.1.0 or higher.

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. Apache NuttX versions prior to 10.1.0 are vulnerable to integer wrap-around in the functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
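The wrap-around class described above, shown as an added illustration that is not NuttX source code: an allocator pads the requested size with a header and alignment, and without a range check that sum wraps so a huge request is treated as a tiny one. The header size, alignment granule and function names are hypothetical values chosen for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed values for illustration; not NuttX's actual chunk layout. */
#define HDR_SIZE   ((size_t)16)   /* hypothetical per-chunk header */
#define ALIGN_MASK ((size_t)15)   /* hypothetical 16-byte granule */

/* Unchecked pattern: the header is added and the sum rounded up with no
 * range check, so a request near SIZE_MAX wraps to a tiny chunk size. */
static size_t chunk_size_unchecked(size_t req)
{
  return (req + HDR_SIZE + ALIGN_MASK) & ~ALIGN_MASK;
}

/* Checked pattern: reject any request whose padded size cannot be
 * represented, before doing the arithmetic. */
static bool chunk_size_checked(size_t req, size_t *out)
{
  if (req > SIZE_MAX - HDR_SIZE - ALIGN_MASK) {
    return false;                 /* caller would return NULL */
  }
  *out = (req + HDR_SIZE + ALIGN_MASK) & ~ALIGN_MASK;
  return true;
}

/* memalign-style sizing: worst-case padding of `alignment` bytes is added
 * to the request first, which is a second place the sum can wrap. */
static bool memalign_size_checked(size_t alignment, size_t req, size_t *out)
{
  if (alignment == 0 || (alignment & (alignment - 1)) != 0 ||
      req > SIZE_MAX - alignment) {
    return false;
  }
  return chunk_size_checked(req + alignment, out);
}

int main(void)
{
  size_t sz = 0;
  printf("unchecked(SIZE_MAX-7) = %zu\n", chunk_size_unchecked(SIZE_MAX - 7));
  printf("checked(SIZE_MAX-7) ok = %d\n", chunk_size_checked(SIZE_MAX - 7, &sz));
  printf("memalign(64, 100) ok = %d\n", memalign_size_checked(64, 100, &sz));
  printf("padded size = %zu\n", sz);
  return 0;
}
```

The same pre-arithmetic check applies to a realloc-style path, since it pads the new size in the same way.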

CVSS Base Scores

version 3.1