{"id":"CVE-2021-26461","details":"Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.","modified":"2026-04-11T13:54:01.697225Z","published":"2021-06-21T17:15:09.103Z","references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/incubator-nuttx","events":[{"introduced":"0"},{"fixed":"3130ff691e386934eb276587a24d1efacf3bb30b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.1.0"}]}}],"versions":["nuttx-1.0","nuttx-1.1","nuttx-1.2","nuttx-10.1.0-RC0","nuttx-2.1","nuttx-2.2","nuttx-2.3","nuttx-2.4","nuttx-2.5","nuttx-2.6","nuttx-2.7","nuttx-2.8","nuttx-3.0","nuttx-3.1","nuttx-3.10","nuttx-3.11","nuttx-3.12","nuttx-3.13","nuttx-3.14","nuttx-3.15","nuttx-3.16","nuttx-3.17","nuttx-3.18","nuttx-3.19","nuttx-3.2","nuttx-3.3","nuttx-3.4","nuttx-3.5","nuttx-3.6","nuttx-3.6.1","nuttx-3.7","nuttx-3.8","nuttx-3.9","nuttx-4.0","nuttx-4.1","nuttx-4.10","nuttx-4.11","nuttx-4.12","nuttx-4.13","nuttx-4.14","nuttx-4.2","nuttx-4.3","nuttx-4.4","nuttx-4.5","nuttx-4.6","nuttx-4.7","nuttx-4.8","nuttx-4.9","nuttx-5.0","nuttx-5.1","nuttx-5.10","nuttx-5.11","nuttx-5.12","nuttx-5.13","nuttx-5.14","nuttx-5.15","nuttx-5.16","nuttx-5.17","nuttx-5.18","nuttx-5.19","nuttx-5.2","nuttx-5.3","nuttx-5.4","nuttx-5.5","nuttx-5.6","nuttx-5.7","nuttx-5.8","nuttx-5.9","nuttx-6.0","nuttx-6.1","nuttx-6.10","nuttx-6.11","nuttx-6.12","nuttx-6.13","nuttx-6.14","nuttx-6.15","nuttx-6.16","nuttx-6.17","nuttx-6.18","nuttx-6.19","nuttx-6.2","nuttx-6.20","nuttx-6.21","nuttx-6.22","nuttx-6.23","nuttx-6.24","nuttx-6.25","nuttx-6.26","nuttx-6.27","nuttx-6.28","nuttx-6.29","nuttx-6.3","nuttx-6.30","nuttx-6.31","nuttx-6.32","nuttx-6.33","nuttx-6.4","nuttx-6.5","nuttx-6.6","nuttx-6.7","nuttx-6.8","nuttx-6.9","nuttx-7.1","nuttx-7.10","nuttx-7.11","nuttx-7.12","nuttx-7.13","nuttx-7.14","nuttx-7.15","nuttx-7.16","nuttx-7.17","nuttx-7.18","nuttx-7.2","nuttx-7.20","nuttx-7.21","nuttx-7.22","nuttx-7.23","nuttx-7.24","nuttx-7.25","nuttx-7.26","nuttx-7.27","nuttx-7.28","nuttx-7.29","nuttx-7.3","nuttx-7.30","nuttx-7.31","nuttx-7.4","nuttx-7.5","nuttx-7.6","nuttx-7.8","nuttx-7.9","nuttx-8.1","nuttx-8.2"],"database_specific":{"vanir_signatures":[{"target":{"file":"arch/risc-v/src/k210/k210_irq.c"},"id":"CVE-2021-26461-1d1ad43a","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["316238073908397001294668170111245935112","243780462924448801141492148254774031381","276030682232053770831914696041104985276","119304014593459627961731653517724272458"]},"deprecated":false,"signature_version":"v1","source":"https://github.com/apache/incubator-nuttx/commit/3130ff691e386934eb276587a24d1efacf3bb30b"},{"target":{"function":"up_irqinitialize","file":"arch/risc-v/src/k210/k210_irq.c"},"id":"CVE-2021-26461-abcf61fc","signature_type":"Function","digest":{"length":932,"function_hash":"105513224271813551519762554760106111115"},"deprecated":false,"signature_version":"v1","source":"https://github.com/apache/incubator-nuttx/commit/3130ff691e386934eb276587a24d1efacf3bb30b"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-26461.json","vanir_signatures_modified":"2026-04-11T13:54:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}