PT-2019-17426 · Google · Nest Cam Iq Indoor+1

Publicado

2019-08-20

·

Atualizado

2022-06-07

·

CVE-2019-5040

CVSS v3.1

8.2

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Name of the Vulnerable Software and Affected Versions Openweave-core version 4.0.2 Nest Cam IQ Indoor version 4620002
Description An information disclosure issue exists due to integer overflow in Weave MessageLayer parsing. A specially crafted weave packet can cause PacketBuffer data reuse. This can be triggered by an attacker sending a packet.
Recommendations For Openweave-core version 4.0.2, update to a version that fixes the integer overflow issue in Weave MessageLayer parsing. For Nest Cam IQ Indoor version 4620002, update to a version that fixes the integer overflow issue in Weave MessageLayer parsing.

Exploit

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2019-5040

Produtos afetados

Nest Cam Iq Indoor
Openweave-Core