CVE-2020-28895 Information

Description

In Wind River VxWorks memory allocator has a possible overflow in calculating the memory block’s size to be allocated by calloc(). As a result the actual memory allocated is smaller than the buffer size specified by the arguments leading to memory corruption.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Reference

https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-28895 https://support2.windriver.com/index.php?page=defects&on=view&id=V7LIBC-1327 https://www.oracle.com/security-alerts/cpuapr2022.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

7.3