CVE-2021-43268: Double Free
Published Nov 24, 2021
·Updated
An issue was discovered in VxWorks 6.9 through 7. In the IKE component, a specifically crafted packet may lead to reading beyond the end of a buffer, or a double free.
Affected Software
1 affected component
Windriver Vxworks>=6.9<=7.0
Event History
Nov 24, 2021
CVE Published
via MITRE·04:15 PM
Data Sourced
via MITRE·04:15 PM
Description
Data Sourced
via NVD·05:15 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-43268.
2
What is the severity rating of CVE-2021-43268?
CVE-2021-43268 has a severity rating of 6.5, which is considered medium.
3
What software versions are affected by CVE-2021-43268?
VxWorks versions 6.9 through 7 are affected by CVE-2021-43268.
4
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The CWE ID for CVE-2021-43268 is CWE-415.
5
How can the vulnerability be exploited?
The vulnerability can be exploited by sending a specifically crafted packet in the IKE component of VxWorks, which may lead to reading beyond the end of a buffer or a double free.