CVE-2021-27427

EUVD-2021-14181
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
icscertCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
riot-osriot
2020.01.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/RIOT-OS/RIOT
https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04
https://github.com/RIOT-OS/RIOT
https://www.cisa.gov/uscert/ics/advisories/icsa-21-119-04