PT-2019-17426 · Google · Nest Cam Iq Indoor+1

Published

2019-08-20

Updated

2022-06-07

CVE-2019-5040

CVSS v3.1

8.2

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions Openweave-core version 4.0.2 Nest Cam IQ Indoor version 4620002

Description An information disclosure issue exists due to integer overflow in Weave MessageLayer parsing. A specially crafted weave packet can cause PacketBuffer data reuse. This can be triggered by an attacker sending a packet.

Recommendations For Openweave-core version 4.0.2, update to a version that fixes the integer overflow issue in Weave MessageLayer parsing. For Nest Cam IQ Indoor version 4620002, update to a version that fixes the integer overflow issue in Weave MessageLayer parsing.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2019-5040

Affected Products

Nest Cam Iq Indoor

Openweave-Core

PT-2019-17426 · Google · Nest Cam Iq Indoor+1

CVE-2019-5040

Weakness Enumeration

Related Identifiers

Affected Products

References · 3