CyberSec.Space Logo
CVEブラウザに戻る

CVE-2021-22156

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1300%
EPSS Percentile5.53th
Published2021年8月17日
Last Modified2025年8月22日

Vulnerability Description

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

Affected Platforms (CPE)

📦
Blackberry

Qnx Software Development Platform

< 6.5.0
📦
Blackberry

Qnx Software Development Platform

= 6.5.0
📦
Blackberry

Qnx Software Development Platform

= 6.5.0
💻
Blackberry

Qnx Os For Medical

<= 1.1.1
💻
Blackberry

Qnx Os For Safety

<= 1.0.2

References & Advisories

🔗 https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL
🔗 https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
🔗 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL

関連する脆弱性情報

CVE-2020-693210.0

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Software Develop...

CVE-2017-38919.6

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration ...

CVE-2021-320258.1

An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform versi...

CVE-2019-89987.8

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the /proc file...

CVE-2021-22156 Detail & Impact Analysis | CVSS 9.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space