PT-2022-9263 · Nxp · Nxp Mqx

Published: 2022-05-03 · Updated: 2022-05-11 · CVE-2021-22680

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NXP MQX versions 5.1 and prior

Description: The issue is related to integer overflow in mem alloc, lwmem alloc, and partition functions. This can lead to unverified memory assignment, resulting in arbitrary memory allocation and unexpected behavior, such as a crash or remote code injection/execution.

Recommendations: For NXP MQX versions 5.1 and prior, consider restricting the use of the mem alloc, lwmem alloc, and partition functions until a patch is available. As a temporary workaround, implement additional validation and verification for memory allocation requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
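
One way to apply the validation workaround is a wrapper that checks the size arithmetic before any request reaches the allocator. This is an added example, not code from NXP or from this advisory: the function names, header size, alignment and request cap are hypothetical, and `malloc()` stands in for the RTOS allocation call.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Assumed values for illustration; take the real ones from the allocator in use. */
#define BLOCK_HEADER 16u            /* hypothetical per-block bookkeeping bytes */
#define BLOCK_ALIGN   8u            /* hypothetical alignment, power of two */
#define MAX_REQUEST  (64u * 1024u)  /* hypothetical policy cap per request */

/* Size the allocator would carve out: header plus payload, rounded up.
 * Returns 0 when the request is zero, above the cap, or would wrap size_t. */
size_t checked_block_size(size_t request)
{
    if (request == 0 || request > MAX_REQUEST)
        return 0;
    if (request > SIZE_MAX - BLOCK_HEADER - (BLOCK_ALIGN - 1))
        return 0;
    return (request + BLOCK_HEADER + (BLOCK_ALIGN - 1)) & ~(size_t)(BLOCK_ALIGN - 1);
}

/* count * elem_size without wraparound; returns 0 on overflow or zero input. */
size_t checked_array_size(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return 0;
    return count * elem_size;
}

/* The same rounding with no checks, kept only to show the failure mode:
 * a request near SIZE_MAX wraps to a tiny block size. */
size_t unchecked_block_size(size_t request)
{
    return (request + BLOCK_HEADER + (BLOCK_ALIGN - 1)) & ~(size_t)(BLOCK_ALIGN - 1);
}

/* Wrapper to call instead of the raw allocator; malloc() is a stand-in here. */
void *guarded_alloc(size_t count, size_t elem_size)
{
    size_t payload = checked_array_size(count, elem_size);
    if (payload == 0 || checked_block_size(payload) == 0)
        return NULL;
    return malloc(payload);
}
```

Callers must treat a `NULL` return as a rejected request and stop, rather than retrying with a smaller size derived from the same untrusted length.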

Integer Overflow


Weakness Enumeration

Related Identifiers

CVE-2021-22680

Affected Products

Nxp Mqx