Unrated severity · NVD Advisory · Published May 4, 2021 · Updated Aug 3, 2024
Buffer overrun in Google Cloud IoT Device SDK for Embedded C
CVE-2021-22547
Description
In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C to 1.0.3 or greater.
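The missing length check, illustrated as an added example (not code from the SDK or its patch). It assumes the wrap-around occurs in the count × size multiplication of a calloc-style allocator; `unchecked_total`, `checked_calloc` and the sample values are hypothetical names and constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked pattern: the byte total is computed in size_t and silently
 * wraps, so the allocator is asked for far less than the caller expects. */
size_t unchecked_total(size_t count, size_t size)
{
    return count * size; /* wraps modulo SIZE_MAX + 1 */
}

/* Hardened calloc-style wrapper (hypothetical name): refuse any request
 * whose byte total does not fit in size_t before calling the allocator. */
void *checked_calloc(size_t count, size_t size)
{
    if (size != 0 && count > SIZE_MAX / size) {
        return NULL; /* count * size would overflow */
    }
    size_t total = count * size;
    void *p = malloc(total ? total : 1); /* avoid malloc(0) ambiguity */
    if (p != NULL) {
        memset(p, 0, total);
    }
    return p;
}

/* Constructed sample input: a count chosen so that count * 16 wraps to 16. */
#define SAMPLE_SIZE  ((size_t)16)
#define SAMPLE_COUNT (SIZE_MAX / SAMPLE_SIZE + 2)

int main(void)
{
    printf("unchecked total: %zu bytes\n",
           unchecked_total(SAMPLE_COUNT, SAMPLE_SIZE));
    printf("checked_calloc rejects request: %s\n",
           checked_calloc(SAMPLE_COUNT, SAMPLE_SIZE) == NULL ? "yes" : "no");
    return 0;
}
```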
Affected products
- Range: <1.0.3
- Google LLC/Google Cloud IoT Device SDK for Embedded C · v5 · Range: unspecified
References
- github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/blob/master/RELEASE-NOTES.md (mitre, x_refsource_MISC)
- github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/pull/119 (mitre, x_refsource_MISC)