PT-2021-15165 · Texas Instruments · Simplelink Wi-Fi

David Atch +1 · Published 2021-05-07 · Updated 2021-05-17 · CVE-2021-22671

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SimpleLink Wi-Fi (MSP432E4 SDK) versions v4.20.00.12 and prior
SimpleLink Wi-Fi (CC32XX SDK) versions v4.30.00.06 and prior
SimpleLink Wi-Fi (CC13X0 SDK) versions prior to v4.10.03
SimpleLink Wi-Fi (CC13X2 and CC26XX SDK) versions prior to v4.40.00
SimpleLink Wi-Fi (CC3200 SDK) versions v1.5.0 and prior
SimpleLink Wi-Fi (CC3100 SDK) versions v1.3.0 and prior

Description

The issue arises from multiple integer overflow problems when handling long domain names, potentially allowing remote code execution.

Recommendations

For MSP432E4 SDK versions v4.20.00.12 and prior, update to a version later than v4.20.00.12.
For CC32XX SDK versions v4.30.00.06 and prior, update to a version later than v4.30.00.06.
For CC13X0 SDK versions prior to v4.10.03, update to version v4.10.03 or later.
For CC13X2 and CC26XX SDK versions prior to v4.40.00, update to version v4.40.00 or later.
For CC3200 SDK versions v1.5.0 and prior, update to a version later than v1.5.0.
For CC3100 SDK versions v1.3.0 and prior, update to a version later than v1.3.0.

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

CVE-2021-22671

Affected Products

Simplelink Wi-Fi