CVE-2017-16339

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012

Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, at memory address 0x9d01bb1c, the value for the uri key is copied using strcpy to a buffer at 0xa00016a0, which is 64 bytes large. Sending a uri value longer than 64 bytes will cause a buffer overflow.

Recommendations: For Insteon Hub version 1012, as a temporary workaround, consider restricting the length of the uri key in HTTP requests to prevent buffer overflow until a patch is available.