CVE-2021-22156
Published: 17 August 2021
Summary
CVE-2021-22156 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Blackberry Qnx Software Development Platform. Its CVSS base score is 9.0 (Critical).
Operationally, ranked in the top 24.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-9303
Vulnerability details
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1…
more
and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.