CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22156

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile5.53th
PublishedAug 17, 2021
Last ModifiedAug 22, 2025

Vulnerability Description

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

Affected Platforms (CPE)

📦
Blackberry

Qnx Software Development Platform

< 6.5.0
📦
Blackberry

Qnx Software Development Platform

= 6.5.0
📦
Blackberry

Qnx Software Development Platform

= 6.5.0
💻
Blackberry

Qnx Os For Medical

<= 1.1.1
💻
Blackberry

Qnx Os For Safety

<= 1.0.2

References & Advisories

🔗 https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL
🔗 https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL

Related Vulnerabilities

CVE-2020-693210.0

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Develop...

CVE-2017-38919.6

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration ...

CVE-2021-320258.1

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versi...

CVE-2019-89987.8

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc file...