CVE-2020-35198
Description
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory blocks size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.099
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-12258,CVE-2020-28895,CVE-2020-35198,CVE-2022-38767 are affected in Wind River VxWorks 6.9.4.11 | Windows |
| Vulnerabilities CVE-2020-28895,CVE-2020-35198,CVE-2022-38767 are affected in Wind River VxWorks 6.9.4.12 | Windows |
| Vulnerabilities CVE-2020-35198 are affected in Wind River VxWorks 21.2-sr0630 | Windows |
| Vulnerabilities CVE-2020-35198 are affected in Wind River VxWorks 6.9.4.12-rolling_cumulative_patch_layer1 | Windows |
| Vulnerabilities CVE-2020-35198,CVE-2021-43268 are affected in Wind River VxWorks 6.9.4.12-rolling_cumulative_patch_layer2 | Windows |
| Vulnerabilities CVE-2020-35198,CVE-2021-29997 are affected in Wind River VxWorks 7.0-sr0630 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234