In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
References
Link | Resource |
---|---|
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 | Vendor Advisory |
https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 | Permissions Required |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
12 May 2022, 14:33
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
First Time |
Oracle
Oracle communications Eagle |
|
CPE | cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-190 CWE-787 |
|
References |
|
23 Feb 2021, 16:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 7.3 |
05 Feb 2021, 21:42
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 - Vendor Advisory | |
References | (MISC) https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 - Permissions Required | |
CPE | cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:* cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:* cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:* |
|
CWE | CWE-120 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
03 Feb 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-03 16:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-28895
Mitre link : CVE-2020-28895
CVE.ORG link : CVE-2020-28895
JSON object : View
Products Affected
windriver
- vxworks
oracle
- communications_eagle