Vulnerability Description
Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| TI | Real-Time Operating System | - |
| TI | CC3200 | - |
| TI | CC3220R | - |
| TI | CC3220S | - |
| TI | CC3220SF | - |
| TI | CC3230S | - |
| TI | CC3230SF | - |
| TI | CC3235S | - |
| TI | CC3235SF | - |
| TI | SimpleLink CC13XX Software Development Kit | < 4.40.00 |
| TI | SimpleLink CC26XX Software Development Kit | < 4.40.00 |
| TI | SimpleLink CC32XX Software Development Kit | < 4.10.03 |
| TI | SimpleLink MSP432E401Y | - |
| TI | SimpleLink MSP432E411Y | - |
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04 (Third Party Advisory, US Government Resource)
- https://www.ti.com/tool/TI-RTOS-MCU (Product)
FAQ
What is CVE-2021-27429?
CVE-2021-27429 is a vulnerability with a CVSS score of 7.4 (HIGH). Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.
How severe is CVE-2021-27429?
CVE-2021-27429 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27429?
Check the references section above for vendor advisories and patch information. Affected products include: TI Real-Time Operating System, TI CC3200, TI CC3220R, TI CC3220S, TI CC3220SF.