Summary
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.
Details
If an attacker could control the size or alignment arguments to the __portable_aligned_alloc() function, they could cause an integer wraparound thus causing malloc() to allocate a small amount of memory, exposing to subsequent heap buffer overflows (AKA BadAlloc-style memory corruption).
The vulnerable code has been removed.
Patch
3fae1c0
0xdea Reporter
Summary
In Eclipse ThreadX NetX Duo before 6.4.0, if an attacker can control parameters of __portable_aligned_alloc() could cause an integer wrap-around and an allocation smaller than expected. This could cause subsequent heap buffer overflows.
Details
If an attacker could control the
sizeoralignmentarguments to the__portable_aligned_alloc()function, they could cause an integer wraparound thus causingmalloc()to allocate a small amount of memory, exposing to subsequent heap buffer overflows (AKA BadAlloc-style memory corruption).The vulnerable code has been removed.
Patch
3fae1c0