CVE-2021-27429

HIGH · CVSS 3.1: 7.8 · EPSS 19.3%
Published Nov 20, 2023 (2y ago) · Last Modified Jun 17, 2026 (2w ago)

Description

Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in 'HeapTrack_alloc' and result in code execution.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

EPSS Exploit Probability
19.3% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 14

Vendor  Product                                      Version  Range
ti      real-time_operating_system                   *        any
ti      cc3200                                       *        any
ti      cc3220r                                      *        any
ti      cc3220s                                      *        any
ti      cc3220sf                                     *        any
ti      cc3230s                                      *        any
ti      cc3230sf                                     *        any
ti      cc3235s                                      *        any
ti      cc3235sf                                     *        any
ti      simplelink_cc13xx_software_development_kit   *        <4.40.00
ti      simplelink_cc26xx_software_development_kit   *        <4.40.00
ti      simplelink_cc32xx_software_development_kit   *        <4.10.03
ti      simplelink_msp432e401y                       *        any
ti      simplelink_msp432e411y                       *        any

References 2

  • cisa.gov https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04
    Third Party Advisory, US Government Resource
  • ti.com https://www.ti.com/tool/TI-RTOS-MCU
    Product

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.