CVE-2020-10060Improper Restriction of Operations within the Bounds of a Memory Buffer in Zephyr

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-824Access of Uninitialized Pointer3 documents3 sources
Severity
6.5MEDIUMNVD
CNA4.8
EPSS
3.0%
top 13.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Zephyrproject-rtos ZephyrZephyrproject Zephyr
Timeline
PublishedMay 11
Latest updateMay 24

Description

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

CVEListV5zephyrproject-rtos/zephyr2.1.0unspecified+1
NVDzephyrproject/zephyr2.1.02.4.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-435h-hqgw-fqgf: In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places2022-05-24
CVEList
UpdateHub Might Dereference An Uninitialized Pointer2020-05-11
CVE-2020-10060 — Zephyr vulnerability | cvebase