PT-2021-15169 · Texas Instruments · Cc13X0 Sdk+7

David Atch +1 · Published 2021-05-07 · Updated 2021-05-17 · CVE-2021-22675

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Texas Instruments SimpleLink Wi-Fi versions prior to MSP432E4 SDK: v4.20.00.12
Texas Instruments SimpleLink Wi-Fi CC32XX SDK versions prior to v4.30.00.06
Texas Instruments SimpleLink Wi-Fi CC13X0 SDK versions prior to v4.10.03
Texas Instruments SimpleLink Wi-Fi CC13X2 and CC26XX SDK versions prior to v4.40.00
Texas Instruments SimpleLink Wi-Fi CC3200 SDK versions prior to v1.5.0
Texas Instruments SimpleLink Wi-Fi CC3100 SDK versions prior to v1.3.0

Description

The issue arises from an integer overflow when parsing malformed over-the-air firmware update files, potentially allowing remote code execution.

Recommendations

For MSP432E4 SDK versions prior to v4.20.00.12, update to a version later than v4.20.00.12 to resolve the issue.
For CC32XX SDK versions prior to v4.30.00.06, update to a version later than v4.30.00.06 to resolve the issue.
For CC13X0 SDK versions prior to v4.10.03, update to a version later than v4.10.03 to resolve the issue.
For CC13X2 and CC26XX SDK versions prior to v4.40.00, update to a version later than v4.40.00 to resolve the issue.
For CC3200 SDK versions prior to v1.5.0, update to a version later than v1.5.0 to resolve the issue.
For CC3100 SDK versions prior to v1.3.0, update to a version later than v1.3.0 to resolve the issue.

Fix

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-22675

Affected Products

Cc13X0 Sdk
Cc13X2 Sdk
Cc26Xx Sdk
Cc3100 Sdk
Cc3200 Sdk
Cc32Xx Sdk
Msp432E4 Sdk
Simplelink Wi-Fi