CVE-2020-28895: Wind River
In Wind River VxWorks, the memory allocator has a possible overflow when calculating the size of the memory block to be allocated by calloc(). As a result, the memory actually allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Priority: HIGH
CVSS v3: 7.3
Component: It doesn’t impact WRLinux.
Publish Date: Feb 3, 2021
Related ID: –
CVSS v2: CRITICAL
Modified Date: Feb 5, 2021
Find out more about CVE-2020-28895 from the MITRE-CVE dictionary and NIST NVD
Login may be required to access defects or downloads.
Linux

| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| Wind River Linux LTS 17 | Not Vulnerable | – | – | – |
| Wind River Linux 8 | Not Vulnerable | – | – | – |
| Wind River Linux 9 | Not Vulnerable | – | – | – |
| Wind River Linux 7 | Not Vulnerable | – | – | – |
| Wind River Linux LTS 21 | Not Vulnerable | – | – | – |
| Wind River Linux LTS 18 | Not Vulnerable | – | – | – |
| Wind River Linux LTS 19 | Not Vulnerable | – | – | – |
| Wind River Linux CD release | Not Vulnerable | – | – | – |

VxWorks

| Product Name | Status | Defect | Fixed | Downloads |
|---|---|---|---|---|
| VxWorks 7 | Fixed | V7LIBC-1327 | 21.03 | – |
| VxWorks 6.9 | Fixed | V7LIBC-1327 | 6.9.4.12 RCPL3 | – |
Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
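The description above locates the flaw in the size calculation performed for calloc(). The following C code is an added example, not Wind River's code: it assumes the overflow is in the element-count times element-size product and contrasts an unchecked product with a checked one. All function names and the sample request are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked size calculation: the product wraps modulo SIZE_MAX + 1,
 * so a huge request can yield a tiny byte count. */
size_t unchecked_total(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Checked size calculation: stores the product and returns 0, or
 * returns -1 if nmemb * size cannot be represented in size_t. */
int checked_total(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* Hypothetical calloc-style wrapper: refuses a request whose total
 * size overflows instead of returning an undersized block. */
void *checked_calloc(size_t nmemb, size_t size)
{
    size_t total;
    void *p;

    if (checked_total(nmemb, size, &total) != 0)
        return NULL;                 /* caller sees an allocation failure */
    p = malloc(total ? total : 1);   /* avoid a zero-byte malloc request */
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    /* Constructed request: the count is chosen so the product wraps. */
    size_t nmemb = SIZE_MAX / 16 + 2, size = 16, total;
    void *p;

    if (unchecked_total(nmemb, size) != 16) return 1;  /* wrapped to 16 bytes */
    if (checked_total(nmemb, size, &total) == 0) return 2;
    if (checked_calloc(nmemb, size) != NULL) return 3;
    p = checked_calloc(4, 16);
    if (p == NULL) return 4;
    free(p);
    return 0;
}
```

A caller that received a block sized by the unchecked product would believe it owned nmemb elements while only 16 bytes were reserved, which is the mismatch between allocated and requested size that the description reports.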