CVE-2017-16254
published 2019-03-21CVE-2017-16254: An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent…
PriorityP346high8.1CVSS 3.1
AVNACLPRLUINSUCNIHAH
EPSS
1.25%
65.6th percentile
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| insteon | hub_firmware | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_ruby_2.6.7-1_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvdv3.08.5HIGHCVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:P
vendor_msrc5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-w79p-mgwq-qwg7: An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012
ghsa_unreviewed·2022-05-13
CVE-2017-16254 [MEDIUM] CWE-119 GHSA-w79p-mgwq-qwg7: An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow.
Microsoft
Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to
vendor_msrc·2019-11-12·CVSS 5.3
CVE-2019-16254 [MEDIUM] CWE-74 Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to
Ruby through 2.4.7 2.5.x through 2.5.6 and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header an attacker can exploit it to insert a newline character to split a header and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742 which addressed the CRLF vector but did not address an isolated CR or an isolated LF.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries w
Red Hat
ruby: HTTP response splitting in WEBrick
vendor_redhat·2019-10-25·CVSS 5.3
CVE-2019-16254 [MEDIUM] CWE-113 ruby: HTTP response splitting in WEBrick
ruby: HTTP response splitting in WEBrick
Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF.
Package: 3amp-system (Red Hat 3scale API Management Platform 2) - Fix deferred
Package: ruby (Red Hat Enterprise Linux 5) - Out of support scope
Package: ruby (Red Hat Enterprise Linux 6) - Out of support scope
Package: ruby (Red Hat Enterprise Linux 7) - Fix deferred
Package: rh-ruby24-ruby (
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-03-21
Published