CVE-2020-35198 CRITICAL

Published: 2021-05-12 | Last Modified: 2024-11-21 | Status: Modified

Description

An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.

Additional Descriptions (1)

Se detectó un problema en Wind River VxWorks versión 7. El asignador de memoria presenta un posible desbordamiento de enteros al calcular el tamaño de un bloque de memoria que es asignado por una función calloc(). Como resultado, la memoria actual asignada es menor que el tamaño del búfer especificado por los argumentos, conllevando a una corrupción de la memoria

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 7.5 (HIGH)

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector	NETWORK
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	PARTIAL
Integrity Impact	PARTIAL
Availability Impact	PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 6.4

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-190

Affected Products

Vendor	Product	Version	Update	Type
windriver	vxworks	*	<built-in method update of dict object at 0x72a9cd08c100>	Operating System
windriver	vxworks	*	<built-in method update of dict object at 0x72a961ec8680>	Operating System
windriver	vxworks	6.9.4.12	<built-in method update of dict object at 0x72a9cd08f280>	Operating System
windriver	vxworks	6.9.4.12	<built-in method update of dict object at 0x72a9cc76dbc0>	Operating System
windriver	vxworks	6.9.4.12	<built-in method update of dict object at 0x72a9cd08f400>	Operating System
oracle	communications_eagle	*	<built-in method update of dict object at 0x72a9cc76c3c0>	Application
oracle	communications_eagle	*	<built-in method update of dict object at 0x72a961ec99c0>	Application
oracle	communications_eagle	46.7.0	<built-in method update of dict object at 0x72a9cd08de80>	Application

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:windriver:vxworks::::::::`
Yes	`cpe:2.3:o:windriver:vxworks::::::::`
Yes	`cpe:2.3:o:windriver:vxworks:6.9.4.12:-::::::`
Yes	`cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1::::::`
Yes	`cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2::::::`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:a:oracle:communications_eagle::::::::`
Yes	`cpe:2.3:a:oracle:communications_eagle::::::::`
Yes	`cpe:2.3:a:oracle:communications_eagle:46.7.0:::::::*`

References

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198
Source: [email protected]

Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Source: [email protected]

Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: [email protected]

Patch Third Party Advisory
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://support2.windriver.com/index.php?page=security-notices
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Source: af854a3a-2127-422b-91ae-364da2661108

Patch Third Party Advisory