ARM mbed-ualloc memory library Integer Overflow or Wraparound

CVE-2021-27433

7.3HIGH

Key Information

Vendor: Arm
Status: Mbed-ualloc Memory Library
Vendor: CVE Published:; 3 May 2022

Summary

ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Affected Version(s)

mbed-ualloc memory library = 1.3.0

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.3 - (HIGH)
Feb 22, 2024
Vulnerability published.
May 3, 2022
Vulnerability Reserved.
Feb 19, 2021

Collectors

NVD DatabaseMitre Database

Credit

David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.