CVE-2019-5037

CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.5HIGH

EPSS

0.1%

top 70.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Nest CAM IQ Indoor Firmware

Timeline

PublishedAug 20

Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDgoogle/nest_cam_iq_indoor_firmware4620002

▶CVEListV5nest_labsNest Labs Nest Cam IQ Indoor version 4620002

🔴Vulnerability Details

GHSA

GHSA-9v2w-wx2p-2q5v: An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002↗2022-05-24

▶

CVEList

CVE-2019-5037: An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002↗2019-08-20

▶

💥Exploits & PoCs

Exploit-DB

osCommerce 2.1 - Remote File Inclusion↗2002-06-16

▶