CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27421 – NXP MCUXpresso SDK Integer Overflow or Wraparound
https://notcve.org/view.php?id=CVE-2021-27421
03 May 2022 — NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. NXP MCUXpresso SDK versiones anteriores a 2.8.2, son vulnerables a un desbordamiento de enteros en la función SDK_Malloc, que podría permitir el acceso a ubicaciones de memoria fuera de los límites d... • https://mcuxpresso.nxp.com/en/welcome • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38260
https://notcve.org/view.php?id=CVE-2021-38260
25 Oct 2021 — NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). Se ha detectado que NXP MCUXpresso SDK versión v2.7.0, contiene un desbordamiento de búfer en la función USB_HostParseDeviceConfigurationDescriptor() • https://mcusec.github.io/vulnerabilities_details#nxp_usb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38258
https://notcve.org/view.php?id=CVE-2021-38258
25 Oct 2021 — NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). Se ha detectado que NXP MCUXpresso SDK versión v2.7.0, contiene un desbordamiento de búfer en la función USB_HostProcessCallback() • https://mcusec.github.io/vulnerabilities_details#nxp_usb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •