Integer Overflow Vulnerability in Atmel Advanced Software Framework by Microchip
CVE-2019-16127

9.1CRITICAL

Key Information:

Vendor

Microchip

Status
Advanced Software Framework 4
Vendor
CVE Published:
22 October 2020

What is CVE-2019-16127?

The Atmel Advanced Software Framework (ASF) version 4 has been identified to contain an integer overflow vulnerability that could lead to unpredictable behavior in software utilizing flash read, write, and append operations. Such vulnerabilities pose risks to security as they can be exploited to execute arbitrary code or cause system crashes, thereby compromising the integrity of embedded systems that use the affected framework.

References

https://www.microchip.com/mplab/avr-support/advanced-soft...
x_refsource_MISC
https://census-labs.com/news/2020/10/21/microchip-asf4-in...
x_refsource_MISC
https://www.openwall.com/lists/oss-security/2020/10/22/1
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2019-16127 : Integer Overflow Vulnerability in Atmel Advanced Software Framework by Microchip