Vulnerability Description
eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.
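The wraparound class described above, shown as an added example (not eCosPro source, which this page does not include): a calloc-style element count times element size that wraps to a small byte count, next to a wrapper that rejects the request. The function names and the sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte count an unchecked calloc hands to the underlying allocator.
 * size_t arithmetic is modulo SIZE_MAX + 1, so a large product wraps
 * to a small value and the caller receives an undersized buffer. */
size_t unchecked_request(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Returns 1 when nmemb * size does not fit in size_t. */
int mul_wraps(size_t nmemb, size_t size)
{
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Hardened calloc-style wrapper (hypothetical name): fail the request
 * instead of allocating the wrapped byte count. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (mul_wraps(nmemb, size))
        return NULL;                      /* caller must handle NULL */

    size_t total = nmemb * size;
    void *p = malloc(total ? total : 1);  /* avoid malloc(0) ambiguity */
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed input: on any size_t width the product wraps to 16. */
    size_t nmemb = SIZE_MAX / 16 + 2;
    size_t size = 16;

    printf("elements requested : %zu x %zu bytes\n", nmemb, size);
    printf("unchecked byte size: %zu\n", unchecked_request(nmemb, size));
    printf("wrap detected      : %d\n", mul_wraps(nmemb, size));
    printf("checked_calloc     : %s\n",
           checked_calloc(nmemb, size) == NULL ? "rejected" : "allocated");
    return 0;
}
```

Code that later indexes the buffer by the original element count writes past the 16 bytes actually allocated, which is the heap-based overflow the description refers to.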
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ecoscentric | Ecospro | >= 2.0.1, <= 4.5.3 |
Related Weaknesses (CWE)
References
- https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437 (Permissions Required, Vendor Advisory)
- https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04 (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2021-27417?
CVE-2021-27417 is a vulnerability with a CVSS score of 4.6 (MEDIUM). eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memo...
How severe is CVE-2021-27417?
CVE-2021-27417 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27417?
Check the references section above for vendor advisories and patch information. Affected products include: Ecoscentric Ecospro.