ZephyrCVELIST:CVE-2020-10060CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%
In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions.
CNA Affected
[
{
"product": "zephyr",
"vendor": "zephyrproject-rtos",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.1.0",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.2.0",
"versionType": "custom"
}
]
}
]References
docs.zephyrproject.org/latest/security/vulnerabilities.html#cve-2020-10060
github.com/zephyrproject-rtos/zephyr/pull/27865
github.com/zephyrproject-rtos/zephyr/pull/27889
github.com/zephyrproject-rtos/zephyr/pull/27891
github.com/zephyrproject-rtos/zephyr/pull/27893
zephyrprojectsec.atlassian.net/browse/ZEPSEC-37
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.0%