Vulnerability Description
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Blackberry | Qnx Software Development Platform | < 6.5.0 |
| Blackberry | Qnx Os For Medical | <= 1.1.1 |
| Blackberry | Qnx Os For Safety | <= 1.0.2 |
Related Weaknesses (CWE)
References
- https://support.blackberry.com/kb/articleDetail?articleNumber=000082334PatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qThird Party Advisory
- https://support.blackberry.com/kb/articleDetail?articleNumber=000082334PatchVendor Advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qThird Party Advisory
FAQ
What is CVE-2021-22156?
CVE-2021-22156 is a vulnerability with a CVSS score of 9.0 (CRITICAL). An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS ...
How severe is CVE-2021-22156?
CVE-2021-22156 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22156?
Check the references section above for vendor advisories and patch information. Affected products include: Blackberry Qnx Software Development Platform, Blackberry Qnx Os For Medical, Blackberry Qnx Os For Safety.