VYPR

Cloud IoT Device SDK for Embedded C

by Google

CVEs (1)

  • CVE-2021-22547May 4, 2021
    risk 0.00cvss epss 0.00

    In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We…