CVE-2021-27417

Name of the Vulnerable Software and Affected Versions eCosCentric eCosPro RTOS versions 2.0.1 through 4.5.3

Description The issue concerns an integer wraparound in the calloc function, which is an implementation of malloc. This can lead to unverified memory assignment, resulting in arbitrary memory allocation and a heap-based buffer overflow.

Recommendations For versions 2.0.1 through 4.5.3, consider disabling the calloc function until a patch is available to prevent potential heap-based buffer overflows. Restrict memory allocation to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.