CVE-2019-5034

CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 74.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Nest CAM IQ Indoor Firmware

Timeline

PublishedAug 20

Latest updateMay 24

Description

An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDgoogle/nest_cam_iq_indoor_firmware4620002

▶CVEListV5nest_labsNest Labs Nest Cam IQ Indoor version 4620002

🔴Vulnerability Details

GHSA

GHSA-v6f5-6w5w-36m9: An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002↗2022-05-24

▶

CVEList

CVE-2019-5034: An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002↗2019-08-20

▶

💥Exploits & PoCs

Exploit-DB

Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream↗2019-08-15

▶