Filtered by vendor Google
Subscribe
Filtered by product Cloud Iot Device Sdk For Embedded C
Subscribe
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22547 | 1 Google | 1 Cloud Iot Device Sdk For Embedded C | 2021-05-07 | 4.6 MEDIUM | 7.8 HIGH |
| In IoT Devices SDK, there is an implementation of calloc() that doesn't have a length check. An attacker could pass in memory objects larger than the buffer and wrap around to have a smaller buffer than required, allowing the attacker access to the other parts of the heap. We recommend upgrading the Google Cloud IoT Device SDK for Embedded C used to 1.0.3 or greater. | |||||