PT-2020-15835 · Objective · Oocborrt

Published 2020-09-17 · Updated 2021-07-21 · CVE-2020-24753

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Objective Open CBOR Run-time (oocborrt) versions prior to 2020-08-12

Description

A memory corruption issue exists due to an uncaught error while decoding CBOR Major Type 3 text strings, leading to the use of an attacker-controllable uninitialized stack value. This can cause memory modification, resulting in a crash or potentially exploitable heap corruption, allowing an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder.

Recommendations

For versions prior to 2020-08-12, update to a version released after 2020-08-12 to resolve the issue.
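
The bug class in the description, sketched as an added example in C (not oocborrt's code and not taken from its fix): a decoder for definite-length Major Type 3 heads that writes its outputs on every path, and a caller that checks the result before using them. The names `decode_text`, `text_length_or_error` and the error codes are hypothetical; indefinite-length strings are rejected here to keep the example short.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical error codes for this example. */
enum { CBOR_OK = 0, CBOR_ERR_TYPE = -1, CBOR_ERR_TRUNCATED = -2, CBOR_ERR_UNSUPPORTED = -3 };

/* Decode the head of a definite-length CBOR text string (major type 3).
 * Outputs are written on every path, so a caller that forgets to check the
 * return value still never reads stale stack contents. */
static int decode_text(const uint8_t *buf, size_t len,
                       const uint8_t **text, size_t *text_len)
{
    *text = NULL;
    *text_len = 0;
    if (len == 0) return CBOR_ERR_TRUNCATED;
    if ((buf[0] >> 5) != 3) return CBOR_ERR_TYPE;

    uint8_t ai = buf[0] & 0x1f;                 /* additional information */
    size_t head = 1;
    uint64_t n = ai;                            /* ai < 24: length is ai itself */
    if (ai >= 28) return CBOR_ERR_UNSUPPORTED;  /* 28-30 reserved, 31 indefinite */
    if (ai >= 24) {
        size_t nbytes = (size_t)1 << (ai - 24); /* 1, 2, 4 or 8 length bytes */
        if (len - 1 < nbytes) return CBOR_ERR_TRUNCATED;
        n = 0;
        for (size_t i = 0; i < nbytes; i++) n = (n << 8) | buf[1 + i];
        head += nbytes;
    }
    if (n > len - head) return CBOR_ERR_TRUNCATED; /* declared length exceeds input */
    *text = buf + head;
    *text_len = (size_t)n;
    return CBOR_OK;
}

/* Hardened caller: locals are initialized and the error is propagated before
 * any use. The flawed pattern is the same call with `text` and `n` left
 * uninitialized and the return value discarded. */
static long text_length_or_error(const uint8_t *buf, size_t len)
{
    const uint8_t *text = NULL;
    size_t n = 0;
    int rc = decode_text(buf, len, &text, &n);
    if (rc != CBOR_OK) return rc;
    return (long)n;
}
```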

Exploit

Fix

Memory Corruption

Use of Uninitialized Resource

Improper Handling of Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2020-24753

Affected Products

Oocborrt