PT-2019-17425 · Openwave · Openweave-Core

Claudio Bozzato

Published

2019-08-20

Updated

2022-06-27

CVE-2019-5039

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Openweave-core version 4.0.2

Description A command execution issue exists in the ASN1 certificate writing functionality. It can be triggered by a specially crafted weave certificate, leading to a heap-based buffer overflow and resulting in code execution. An attacker can exploit this by crafting a specific weave certificate.

Recommendations For Openweave-core version 4.0.2, consider disabling the ASN1 certificate writing functionality until a patch is available. Restrict access to the weave certificate processing module to minimize the risk of exploitation.

Exploit

Fix

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

CVE-2019-5039

Affected Products

Openweave-Core

PT-2019-17425 · Openwave · Openweave-Core

CVE-2019-5039

Weakness Enumeration

Related Identifiers

Affected Products

References · 3