PT-2019-17425 · Openwave · Openweave-Core

Claudio Bozzato

Publicado

2019-08-20

Atualizado

2022-06-27

CVE-2019-5039

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Openweave-core version 4.0.2

Description A command execution issue exists in the ASN1 certificate writing functionality. It can be triggered by a specially crafted weave certificate, leading to a heap-based buffer overflow and resulting in code execution. An attacker can exploit this by crafting a specific weave certificate.

Recommendations For Openweave-core version 4.0.2, consider disabling the ASN1 certificate writing functionality until a patch is available. Restrict access to the weave certificate processing module to minimize the risk of exploitation.

Exploit

Correção

Memory Corruption

Heap Based Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-787CWE-122

Identificadores relacionados

CVE-2019-5039

Produtos afetados

Openweave-Core

PT-2019-17425 · Openwave · Openweave-Core

CVE-2019-5039

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3