ARM mbed Integer Overflow or Wraparound

CVE-2021-27435

7.3HIGH

Key Information

Vendor: Arm
Status: Mbed
Vendor: CVE Published:; 3 May 2022

Summary

ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Affected Version(s)

mbed = 6.3.0

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 9.8 to: 7.3 - (HIGH)
Feb 22, 2024
Vulnerability published.
May 3, 2022
Vulnerability Reserved.
Feb 19, 2021

Collectors

NVD DatabaseMitre Database

Credit

David Atch, Omri Ben Bassat, and Tamir Ariel from Microsoft Section 52, and the Azure Defender for IoT research group reported these vulnerabilities to CISA.