ERROR: BadAlloc! - Broken Memory Allocators Led to Millions of Vulnerable IoT & Embedded Devices (2)

“BadAlloc” is our code name for a class of integer-overflow-related security issues found in popular memory allocators’ core functions, such as malloc and calloc. BadAlloc vulnerabilities affect 17 different widely used real-time operating systems (e.g., VxWorks, FreeRTOS, eCos), standard C libraries (e.g., newlib, uClibc, Linux klibc), IoT device SDKs (e.g., Google Cloud IoT SDK, Texas Instruments SimpleLink SDK) and other self-memory-management applications (e.g., Redis). Some of these vulnerabilities go as far back as the early ’90s, and all of them collectively impact millions of devices worldwide, mainly IoT and embedded devices, as this was our focus...

By: Omri Ben-Bassat & Tamir Ariel

Full Abstract & Presentation Materials: #error-badalloc---broken-memory-allocators-led-to-millions-of-vulnerable-iot-and-embedded-devices-23135
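To make the bug class in the abstract concrete, here is an added illustration (not code from the talk or from any affected product) of two places where size arithmetic can wrap in malloc and calloc, each shown unchecked next to a checked form. `HDR_SIZE`, `ALIGN` and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HDR_SIZE 16u /* assumed per-block header size */
#define ALIGN    8u  /* assumed block alignment */

/* malloc-style sizing, unchecked: header + round-up wraps near SIZE_MAX. */
static size_t block_size_unchecked(size_t req) {
    return (req + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
}

/* Checked form: refuse any request whose padded size cannot be represented. */
static int block_size_checked(size_t req, size_t *out) {
    if (req > SIZE_MAX - HDR_SIZE - (ALIGN - 1)) return -1;
    *out = (req + HDR_SIZE + (ALIGN - 1)) & ~(size_t)(ALIGN - 1);
    return 0;
}

/* calloc-style sizing, unchecked: the product is silently reduced mod 2^N. */
static size_t calloc_total_unchecked(size_t nmemb, size_t size) { return nmemb * size; }

/* Checked form: divide before multiplying so the test itself cannot wrap. */
static int calloc_total_checked(size_t nmemb, size_t size, size_t *out) {
    if (size != 0 && nmemb > SIZE_MAX / size) return -1;
    *out = nmemb * size;
    return 0;
}

/* calloc wrapper that fails closed instead of returning an undersized buffer. */
static void *checked_calloc(size_t nmemb, size_t size) {
    size_t total;
    if (calloc_total_checked(nmemb, size, &total) != 0) return NULL;
    void *p = malloc(total ? total : 1);
    if (p) memset(p, 0, total);
    return p;
}

int main(void) {
    size_t n = SIZE_MAX / 2 + 1, t = 0; /* constructed oversized element count */
    printf("unchecked calloc total: %zu\n", calloc_total_unchecked(n, 2));
    printf("checked calloc total:   %s\n", calloc_total_checked(n, 2, &t) ? "rejected" : "ok");
    printf("unchecked block size:   %zu\n", block_size_unchecked(SIZE_MAX - 4));
    printf("checked block size:     %s\n", block_size_checked(SIZE_MAX - 4, &t) ? "rejected" : "ok");
    return 0;
}
```

In both unchecked cases the allocator would reserve a tiny block while the caller believes it holds the full requested size, which is why the checked forms return an error rather than a pointer.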