PT-2021-15135 · Google · Google Cloud Iot Device Sdk For Embedded C
Published: 2021-05-04 · Updated: 2021-05-07 · CVE-2021-22547
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Google Cloud IoT Device SDK for Embedded C versions prior to 1.0.3
Description
The issue is related to an implementation of calloc() that lacks a length check. This allows an attacker to pass in memory objects larger than the buffer, potentially wrapping around to access smaller buffers than required, and gain access to other parts of the heap.
Recommendations
For versions prior to 1.0.3, upgrade the Google Cloud IoT Device SDK for Embedded C to version 1.0.3 or greater.
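The length check the description refers to, as an added example that is not code from the SDK or from this advisory: a calloc-style size computation shown unchecked and with the overflow check in place. The function names unchecked_total and checked_calloc are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte count as an unchecked calloc() computes it. size_t arithmetic is
 * unsigned, so the product silently wraps when it does not fit. */
size_t unchecked_total(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Hardened form (hypothetical helper): reject the request when
 * count * elem_size cannot be represented in size_t. */
void *checked_calloc(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return NULL;                      /* product would wrap */
    }
    size_t total = count * elem_size;
    void *p = malloc(total ? total : 1);  /* avoid malloc(0) ambiguity */
    if (p != NULL) {
        memset(p, 0, total);              /* calloc semantics: zero-fill */
    }
    return p;
}

int main(void)
{
    /* Constructed input: a record count chosen so the product wraps. */
    size_t count = SIZE_MAX / 16 + 2;
    size_t elem_size = 16;

    /* The caller believes it owns count * 16 bytes; the unchecked
     * computation yields a 16-byte request instead. */
    printf("unchecked request: %zu bytes\n", unchecked_total(count, elem_size));

    void *p = checked_calloc(count, elem_size);
    printf("checked_calloc: %s\n", p == NULL ? "rejected" : "allocated");
    free(p);
    return 0;
}
```

Callers must treat the NULL return as an allocation failure and stop before writing to the buffer.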
Fix
Buffer Overflow
Affected Products
Google Cloud Iot Device Sdk For Embedded C