CVE-2021-22156
CRITICALBlackBerry QNX Software Development Platform < 6.5.0SP1 - Integer Overflow in calloc()
Title source: llmDescription
An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
Third Party Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-qnx-TOxjVPdL
Scores
CVSS v3
9.0
EPSS
0.0180
EPSS Percentile
75.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-190
Status
published
Products (4)
blackberry/qnx_os_for_medical
< 1.1.1
blackberry/qnx_os_for_safety
< 1.0.2
blackberry/qnx_software_development_platform
6.5.0 (2 CPE variants)
blackberry/qnx_software_development_platform
< 6.5.0
Published
Aug 17, 2021
Tracked Since
Feb 18, 2026