Skip to main content

Qnx Software Development Platform CVE-2021-22156

CRITICAL
Integer Overflow or Wraparound (CWE-190)
2021-08-17 secure@blackberry.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 17, 2021 - 19:15 nvd
CRITICAL 9.8

DescriptionNVD

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code.

AnalysisAI

An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow vulnerability in the calloc() function of the C runtime library of affected versions of BlackBerry® QNX Software Development Platform (SDP) version(s) 6.5.0SP1 and earlier, QNX OS for Medical 1.1 and earlier, and QNX OS for Safety 1.0.1 and earlier that could allow an attacker to potentially perform a denial of service or execute arbitrary code. Affected products include: Blackberry Qnx Software Development Platform, Blackberry Qnx Os For Medical, Blackberry Qnx Os For Safety.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2013-2687 HIGH POC
7.8 Jul 12

Stack-based buffer overflow in the bpe_decompress function in (1) BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 and (2)

CVE-2013-2688 MEDIUM POC
5.4 Jul 12

Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through 6.5.0 SP1 in the QNX Software Development Platform al

CVE-2025-2474 CRITICAL
9.8 Jun 10

A security vulnerability in the PCX image codec in QNX SDP (CVSS 9.8) that allows an unauthenticated attacker. Critical

CVE-2021-32024 CRITICAL
9.8 Dec 13

A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an

CVE-2020-6932 CRITICAL
9.8 Aug 12

An information disclosure and remote code execution vulnerability in the slinger web server of the BlackBerry QNX Softwa

CVE-2017-3891 CRITICAL
9.6 Nov 14

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default conf

CVE-2024-35213 CRITICAL
9.0 Jun 11

An improper input validation vulnerability in the SGI Image Codec of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an

CVE-2019-8998 HIGH
7.8 Jul 12

An information disclosure vulnerability leading to a potential local escalation of privilege in the procfs service (the

CVE-2026-4017 HIGH
7.4 Jul 14

Local information disclosure, data tampering, and denial of service in the BlackBerry QNX Neutrino kernel stems from a s

CVE-2023-32701 HIGH
7.1 Nov 14

Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to pot

CVE-2026-4018 MEDIUM
6.4 Jul 14

TOCTOU Race Condition in specific trace commands of the TraceEvent() system call could allow an attacker with local acce

CVE-2026-0515 MEDIUM
6.2 Jul 14

Insufficient Parameter Validation in the SchedGet() system call could allow an attacker with local access to cause a cra

Share

CVE-2021-22156 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy