CVE-2021-26461

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-26461
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26461.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-26461
Published
2021-06-21T17:15:09.103Z
Modified
2025-11-20T11:37:41.310705Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

References

Affected packages

Git / github.com/apache/incubator-nuttx

Affected ranges

Type
GIT
Repo
https://github.com/apache/incubator-nuttx
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
3130ff691e386934eb276587a24d1efacf3bb30b

Affected versions

nuttx-1.*

nuttx-1.0
nuttx-1.1
nuttx-1.2

nuttx-10.*

nuttx-10.1.0-RC0

nuttx-2.*

nuttx-2.1
nuttx-2.2
nuttx-2.3
nuttx-2.4
nuttx-2.5
nuttx-2.6
nuttx-2.7
nuttx-2.8

nuttx-3.*

nuttx-3.0
nuttx-3.1
nuttx-3.10
nuttx-3.11
nuttx-3.12
nuttx-3.13
nuttx-3.14
nuttx-3.15
nuttx-3.16
nuttx-3.17
nuttx-3.18
nuttx-3.19
nuttx-3.2
nuttx-3.3
nuttx-3.4
nuttx-3.5
nuttx-3.6
nuttx-3.6.1
nuttx-3.7
nuttx-3.8
nuttx-3.9

nuttx-4.*

nuttx-4.0
nuttx-4.1
nuttx-4.10
nuttx-4.11
nuttx-4.12
nuttx-4.13
nuttx-4.14
nuttx-4.2
nuttx-4.3
nuttx-4.4
nuttx-4.5
nuttx-4.6
nuttx-4.7
nuttx-4.8
nuttx-4.9

nuttx-5.*

nuttx-5.0
nuttx-5.1
nuttx-5.10
nuttx-5.11
nuttx-5.12
nuttx-5.13
nuttx-5.14
nuttx-5.15
nuttx-5.16
nuttx-5.17
nuttx-5.18
nuttx-5.19
nuttx-5.2
nuttx-5.3
nuttx-5.4
nuttx-5.5
nuttx-5.6
nuttx-5.7
nuttx-5.8
nuttx-5.9

nuttx-6.*

nuttx-6.0
nuttx-6.1
nuttx-6.10
nuttx-6.11
nuttx-6.12
nuttx-6.13
nuttx-6.14
nuttx-6.15
nuttx-6.16
nuttx-6.17
nuttx-6.18
nuttx-6.19
nuttx-6.2
nuttx-6.20
nuttx-6.21
nuttx-6.22
nuttx-6.23
nuttx-6.24
nuttx-6.25
nuttx-6.26
nuttx-6.27
nuttx-6.28
nuttx-6.29
nuttx-6.3
nuttx-6.30
nuttx-6.31
nuttx-6.32
nuttx-6.33
nuttx-6.4
nuttx-6.5
nuttx-6.6
nuttx-6.7
nuttx-6.8
nuttx-6.9

nuttx-7.*

nuttx-7.1
nuttx-7.10
nuttx-7.11
nuttx-7.12
nuttx-7.13
nuttx-7.14
nuttx-7.15
nuttx-7.16
nuttx-7.17
nuttx-7.18
nuttx-7.19
nuttx-7.2
nuttx-7.20
nuttx-7.21
nuttx-7.22
nuttx-7.23
nuttx-7.24
nuttx-7.25
nuttx-7.26
nuttx-7.27
nuttx-7.28
nuttx-7.29
nuttx-7.3
nuttx-7.30
nuttx-7.31
nuttx-7.4
nuttx-7.5
nuttx-7.6
nuttx-7.7
nuttx-7.8
nuttx-7.9

nuttx-8.*

nuttx-8.1
nuttx-8.2

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "target": {
            "file": "arch/risc-v/src/k210/k210_irq.c"
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/incubator-nuttx/commit/3130ff691e386934eb276587a24d1efacf3bb30b",
        "digest": {
            "line_hashes": [
                "316238073908397001294668170111245935112",
                "243780462924448801141492148254774031381",
                "276030682232053770831914696041104985276",
                "119304014593459627961731653517724272458"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2021-26461-1d1ad43a"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "target": {
            "file": "arch/risc-v/src/k210/k210_irq.c",
            "function": "up_irqinitialize"
        },
        "signature_version": "v1",
        "source": "https://github.com/apache/incubator-nuttx/commit/3130ff691e386934eb276587a24d1efacf3bb30b",
        "digest": {
            "length": 932.0,
            "function_hash": "105513224271813551519762554760106111115"
        },
        "id": "CVE-2021-26461-abcf61fc"
    }
]