The security research group for Azure Defender for IoT, dubbed Section 52, has found a batch of bad memory allocation operations in code used in Internet of Things and operational technology (OT) such as industrial control systems that could lead to malicious code execution.
Given the trendy vulnerability name of BadAlloc, the vulnerabilities are related to not properly validating input, which leads to heap overflows, and can eventually end at code execution.
"All of these vulnerabilities stem from the usage of vulnerable memory functions such as malloc, calloc, realloc, memalign, valloc, pvalloc, and more," the research team wrote in a blog post.
The use of these functions gets problematic when passed external input that can cause an integer overflow or wraparound as values to the functions.
+INFO: ZDNet